Why you don't need a firewall (article)

(Link was mentioned in this thread already; posting for those who missed it)

Follow-up: http://www.infoworld.com/d/security/the-firestorm-over-firewalls-193409

Some other discussions of this article:
http://community.spiceworks.com/topic/225438-why-you-don-t-need-a-firewall
http://www.techsupportalert.com/freeware-forum/security/9806-firewall-not-needed.html

Let the fireworks begin!

 

Last time I encountered worm that was spreading through vulnerable network port was Sasser in 2004. After that MS released Windows XP SP2 with FW enabled and that kind of attack on personal computers has more or less stopped. If we stop using them (FWs), those attacks would surely come back.

hqsec

 

By default there are no real opened ports. You do not need a firewall nor AV, but the point is, this article is not meant for the common folk, but for savvy users like on Wilders.
Over the years, that I do not use a firewall, I can not really say, that I miss it. I spent hours, even days tweaking firewall rules to the max, now I see, that it was pointless.

 

Vista and later use service hardening to mitigate the damage of attacks upon OS services.

 

Comment from the author:

I'm not going to turn off the built-in Windows 7 firewall though.

 

I've said this earlier, i haven't use any firewall in 8 years and have never been hacked or any other issue with my laptop!!

I've beeged to hackers to hack my pc and i even gave them my ip adress but still nothing happend. So of course people don't need a Firewall, maybe they need an AntiVirus but according to me NOT a firewall.

 

How do you come to that conclusion? All of the NT versions of Windows have ports open. From Vista onwards, some of them can't be closed.

 

The original Infoworld article describes inept or incompetent users who fail to write proper rules and don't properly troubleshoot or maintain a firewall. It also mispreresents several issues, ports 80 and 443 being prime examples. Obviously you can't block all of the traffic on those ports and still use a browser. If you don't run a server, you can block all unsolicited inbound connections.

From a privacy perspective, software firewalls are more important than ever. A software firewall with good loopback control would have stopped the exploit that deanonymized TorBrowser users. Software firewalls are the only tools that can prevent individual apps from calling home.

Hardware and software firewalls are only as good as the rules they enforce. Unless you're regularly adding more devices or adding services that require remote access, there isn't that much maintenance. The biggest problem with software firewalls is feature creep. The trend to turn firewalls into security suites and emphasizing those features has steered the users focus away from the firewalls original purpose. Writing effective firewall rules is becoming a lost art.

 

Are we talking about no outbound control, no custom configuration, or no firewall at all? There seems to be a confusion here.

 

I believe the author was mostly referring to hardware firewalls that are found in businesses. He advocates using a router instead.

Background info: Routers, Switches & Firewalls – Learn how they are different.

 

In his first article, author talks about remote buffer overflows, so I guess he is talking about firewalls in general (inbound only, outbound, routers with FW...). He claims that system internal protections are enough and we can expose our system wide open to internet with no firewall whatsoever.

hqsec

 

Do Firewalls make sense?

 

I can think of one more reason for a good Open Source network firewall. We've seen a growing list of modems and routers that are either backdoored, shipped with very vulnerable configurations, or are exploitable. A good firewall in front of a router can make it much harder to reach and compromise.

 

Tried such approach some years ago when i had no idea what a firewall is ,but i did know i needed an antivirus then.It was in the XP era ,that one that until SP2 always had high rates of infection.
So the PC had that XP SP1

The PC was used for gaming ,connected thru DSL, no hardware firewall in front.
After every fresh installation ,with an AV installed and up to date it only needed an hour or something like that to get pop ups from the antivirus for worms and trojans.

So in a few hours the system was practically fully compromised by known malware.
Seeing the known message that the PC is shutting down was always guaranteed to happen so lssas worms were always getting in..

This was a real PC not virtualised.This exact reason made look for firewalls and this exactly showed me that with a real firewall no AV is needed.

So don t try using no firewall because you will get owned.
You can live with no AV installed ,but without any kind of firewall is purely stupid.And as the OS offers a good one i see no reason not to use it.

The firewall is the first and most important line of defence and only afterwards HIPS and AV come in.

If you want to get owned don t use a firewall ,like the thread title suggests .

 

Any modern consumer OS comes with an integrated firewall. At the very least, use it.

 

As I said, they are not really opened, I can not really explain it technically, I hope, that someone smarter will. http://www.ulozisko.sk/obrazky/664488/capture_02192014_023247.jpg

No, you will not get owned, it is just marketing, when everyone keep saying, if you go on the internet without any security you will be infected within seconds, a good joke.
The reason not to use it is the same like for the AV, the performance impact or simply running an useless application in the background. I am just sick of even the idea of it.

 

If you do not use an AV then what form of threat mitigation do you use to prevent becoming infected?

 

Only what I have in my signature, like a sandboxed browser, disabled Windows services, tasks, UAC at max. I call is a passive defense. I rely on Windows to protect me.

 

Do you use Sandboxie for your browser, or do you use something else? Has UAC ever stopped a real threat that you know of?

 

Elaborate please. Security can be anything from running full time av, anti-executable, firewall, fully or partially patched O/S or applications, HIPS, or how about running as a Standard user, etc...

http://support.microsoft.com/kb/826955

 

That link again?! It was an opened port in XP, I know about it, I was infected while I was still installing Windows, twice in a row. It is a history, MS learned its lesson.

No 3rd party security application, that is my rule, only an inbuilt browser's sandboxing. No, UAC never stopped anything.

 

Do you do regular scans with Malwarebytes, Hitman Pro, or any other on-demand scanners?

 

I used too, but then I stopped, I find it pointless, it is not like malware can so simply execute by itself, even if it is in PC already, unlikely what AV companies claim. There are a few dangerous cases like WMF exploits, but they are really rare, like once a few years and even that was exploited long before it went public, so AV would not help either.

 

If you ever become infected you could go for a long period of time without knowing unless your PC is showing clear signs of being infected. I do not trust Windows that much. I deal with sensitive data, and can't afford to risk it.

 

Well, I do not use PC just for gaming, I have an internet banking, pay by credit cards and I shop online only.
But do not take me wrong, I do not encourage people not to use any security, just saying, that it is possible.