Are you behind a Router / NAT?

No router, modem + FW. Why, several reasons. A router without a FW only gives unidirectional coverage, i prefer bidirectional. Also with a modem there is no MAC address info to be sniffed. Not that i'm expecting to be compromised lol, but hey these days the bad stuff is cleverer n baddier than ever before. As i often download and try out various Apps, and sometimes nasties too, it just makes good sense to be better protected in both directions.

I got a router sent free from my ISP, tried it just for sake of it to compare, and found the speed difference wasn't that much to the above setup !

I also think that for most users out there in www land, with the amount of bad stuff around, and their failure to distinguish what is and isn't, they could benefit from 2 way protection. It won't always work of course, depending what it is, but why not if they can, and frequently for free as well.

 

I would bet that the probablility of both a top rated AV and firewall being bypassed by a malware sample is significantly lower than just the AV missing it. One cannot expect 100% protection. Lowering the probability of system compromise is the goal to which a combination of blacklist and HIPS/BB based firewall solutions are an effective combination.

That doesn't even make sense. The firewall might miss something so you would rather go with no protection at all? The firewalls I have used (Comodo, Kerio, Outpost, DSA, etc) have blocked trojans/info stealers on a number of occasions when either the AV had failed or I didn't have one installed. Most of the trojans/info stealers in circulation are relatively simple and easily blocked by the top rated firewalls, at least in the hands of a typical Wilders security geek.

 

yet again u keep assuming im talking about relying on only an AV... i said i dont use a firewall, i never said i dont use other means. and ive yet to have a firewall do anything useful for me, ive always stopped the malware BEFORE it gets in, not AFTER. i think everyone can agree its MUCH better to stop the malware BEFORE it infects u than trying to clean it up or keep it in AFTER its already ther.

 

Same here.

 

I agree. The whole point of PC security is to prevent infection. Once a nasty is installed and 'phoning home it's too late. Time reprep or use that image that you faithfully took once a week.

 

Majority of the infections are not happening from the firewall side or port-based. Most of which have bypassed the firewall and are happening at the browser side. Routers will not save you from browser side attacks like drive by downloads installing keyloggers trojans etc. Using noscript might help and sandboxie as well. Firewall with application control will catch some of those phoning home nasties. But as others have said, the game was lost. But with so many zero day exploits and malwares, blacklisting signature based detections will not be able to keep up.
Even legitimate sites are hosting malware codes because of cross site scripting and sql injections which form the bulk of security risks rather than the portscanning based worms which router could have you protected.

I think application-control firewall has its place. But prevention is better. So hardening of browser settings or the use of sandboxie and of noscript are also needed against these zero day infections.

 

Thanks.
Jerry

 

yep thats wer my rollback rx comes in

 

Your sig says you run Windows Firewall. How would you even know if it's doing anything anyway, since WF doesn't alert on blocks (except for server apps)?

You pretty much have the same setup as me (Mamutu and Windows Firewall) which, combined, do pretty much the same as any modern firewall with HIPS like Comodo or Outpost. A rose by any other name...

You're assuming that your first line of defenses will detect every potential threat. Not everything that sends personal data would be detected as a trojan. A few years ago there was a FlashFXP utility floating around that would surreptitiously send your server/password list to a server in Europe. It used straightforward network access (no dll injection, etc) and didn't access anything in your documents folder or the registry. A firewall is probably the only thing that would (and did) stop such a program.

 

Not at all. If you have a firewall with adequate application control capability installed, you can prevent that nasty from actually communicating anywhere. How would you know if it's breached your 1st line defenses and is phoning home unless you have something that notifies you on network access attempts, like a firewall?

 

My home is behind NAT, and every single client of mine (I'm an SMB Consultant) is behind NAT. I will not support anyones computer if they are not behind NAT.

Been doing this for many many years. Is it a coincidence when I see computers that are plugged directly into a broadband modem, where the PC has a public IP address...that those PCs are the ones that have a much higher rate of getting infested with worms/trojans? Nope.

So someone will say "I don't need a router firewall, I run <insert favorite software firewall name>. Well...again it's not my first day on the job, I've seen computers where the software firewall was either knocked out by malware, or the service got corrupted....either way, the PC was no longer protected. Thus...it only takes a few minutes to compromise.

 

True!

OS Embedded firewall alone without the NAT router connected to Cable/DSL Modem would be more unsecured then NAT Router with OS Embedded firewall.
Disabled the OS Embedded firewall and use 3rd-party firewall software without NAT router is secured. Disable OS embedded firewall instead use 3rd-party firewall software + NAT router for extra protection.