Help, I extremely need now, PLEASE...

Discussion in 'other firewalls' started by CoolWebSearch, Jul 9, 2008.

Thread Status:
Not open for further replies.
  1. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Hi, everybody.
    I just bought a new Edimax ADSL2++ Router.
    For extra safety I tried 3 software firewalls: CFP 3.0, ZoneAlarm Pro and Outpost Firewall Pro - even though my firewall and SPI in my router were completely disabled, I started visiting some dangerous websites.
    Despite being on the internet for over 2 hours, none of these 3 software firewalls showed any blocked intrusion.
    You'll probably say to me that this is because of the router, but that's impossible, since both firewall and SPI were turned off!
    Then I went to pcflank.com and grc.com to check how good my protection is, but I failed all attacks, and yet how did I not get infected after being on the net for over 2 hours?
    This is truly insane.
    And believe me, I did check, re-check, re-re-re-check with the best antivirus and anti-spyware shareware products - nothing was found, otherwise I'm sure I would have noticed it, like the last time, when my computer was full of malware.

    Any opinions?
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Hi!
    Even if you turn OFF the firewall/SPI on the router, you still have NAT on.
    So tests will most likely find most ports closed and a few open ones (depending on configuration).

    To test properly you need to remove the router and plug your system directly into the modem, and if your router is the modem then you need to set your router only as MODEM.

    Cheers,
    Fax
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,221
    Hello,
    Even if you had your firewall off - all of your firewalls, if you run no services and did not download and execute anything, then there's no reason to get infected.
    Mrk
     
  4. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Big thanks to both Fax and Mrkvonic.
    One question: If I completely turn off NAT and SPI and firewall, will ZA Pro in this case start to count all of the intrusions blocked? What do I have to do to see blocked intrusions in ZA, Comodo, Outpost?
    Also, I noticed that my router is more or less colliding with ZA Pro, it's almost overkill; why is that? The same goes for Outpost Pro.
    What should I do? Would simply turning off the NAT (yes, I think you're right, before I entered the router, NAT was enabled, I think) and turning off the firewall and SPI resolve the problem, or do I have to do something else with my LAN?
    Please, help.

    Of course, I'm not trying to compromise my own security.
    Big thanks to both Mrkvonic and Fax.
     
  5. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Well, it's true I didn't download anything, I simply surfed through various websites.
     
  6. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Personally, I wouldn't turn off NAT for love nor money. Unless I wanted the machine to get infected.

    SamSpade


     
  7. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Sure, but I used Outpost Pro, ZoneAlarm Pro and Comodo Pro before and they did protect me without any NAT.
     
  8. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    If your system (OS and related software) is fully patched, the chances of being infected are really near 0, if not a full zero, even without a firewall. :) Unless you voluntarily run a specific executable or surf to infected sites!

    Cheers,
    Fax
     
  9. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Yes, just check that your machine IP (Start --> Run --> type cmd --> type IPCONFIG /All in the new window) is really not one assigned by the router (e.g. 192.168.X.X or 10.X.X.X, etc.). Then you are without the router and you can test your software firewall.

    Cheers,
    Fax
     
    Last edited: Jul 9, 2008
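
Added example, not part of fax's post: the IPCONFIG check above as a small Python script that reads `ipconfig /all` output and says whether each adapter address is a router-assigned private address or a public one. The sample outputs, the function names and the extra address classes (carrier NAT, link-local) are assumptions added here.

```python
import ipaddress
import re

# Matches only the adapter address line: "IP Address" (XP) or
# "IPv4 Address" (Vista and later). Mask, gateway and DNS lines are skipped.
ADDR_LINE = re.compile(
    r"^\s*(?:IPv4 Address|IP Address)[ .]*:\s*(\d+\.\d+\.\d+\.\d+)", re.M)

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")   # ISP-side NAT (RFC 6598)

def classify(addr):
    """Say what an adapter address implies about NAT in the path."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local, no DHCP lease"
    if any(ip in net for net in RFC1918):
        return "private, router NAT still in path"
    if ip in CGNAT:
        return "carrier NAT in path"
    return "public, no NAT in path"

def report(ipconfig_text):
    """Map each adapter address in `ipconfig /all` output to its class."""
    return {a: classify(a) for a in ADDR_LINE.findall(ipconfig_text)}

# Constructed sample output (not captured from a real machine).
ROUTED = """
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.168.2.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.2.1
"""
# 203.0.113.0/24 is a documentation range standing in for an ISP address.
BRIDGED = """
PPP adapter Broadband:
   IPv4 Address. . . . . . . . . . . : 203.0.113.45(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
"""

if __name__ == "__main__":
    for name, text in (("routed", ROUTED), ("bridged", BRIDGED)):
        print(name, report(text))
```

Only when the adapter reports a public address does unsolicited inbound traffic reach the software firewall, which is when its blocked-intrusion log starts to fill.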
  10. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
  11. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    You can put the internal IP address your PC uses (obtained from the router) into the DMZ and that will let all traffic flow thru to the software firewall. I don't know why you'd want to do that though, but that's how you'd do it.
     
  12. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415
    Yes, of course. And I use my computer on the road a lot without a NAT router, using software firewalls instead. What I'm saying is: if I have a NAT at my disposal, I'm going to use it. Might not be necessary with a good soft FW, but for peace of mind I like my NAT!

    :D

    SamSpade


     
  13. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Online gamers use DMZ, I am told.

    LOL on your sig, by the way.

    Woot!


    SamSpade

     
  14. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    Putting your LAN IP in DMZ will route all packets to that IP. To turn off NAT completely, you would need to turn off routing and set your gateway (router) in bridge mode. This will cause your (one) PC to have your ISP assigned WAN address.

    What intrusions do you expect to see out there? There are none, unless you initiated them.

    Checking software firewalls for "stealth" i.e.

    Cheers,
     
  15. Hoodied

    Hoodied Registered Member

    Joined:
    May 30, 2008
    Posts:
    10
    Hey Everyone!

    Just to touch up on the original poster's question a little bit.

    For a test (taken 2 years ago), I ran my always-on Internet, which is a cable modem, for a period of a year and a half without a software firewall and router. I simply directly connected to the internet. During this time period, I never got infected or became a victim of an internet network attack.

    In fact, to simulate real results of an average user without a router, I had many service ports open and could have easily been seen via port scan.

    I think that as long as your system is fully patched and you're just a simple home user, it's pretty much safe to say that you have a low chance of getting infected unless you deliberately try to do so. Meaning you're visiting drive-by download sites and downloading and executing malware, which even a pure firewall or router can't save you from.

    However, I would not recommend this method for business owners, or anyone who works from home and keeps serious and important documents on their PC. You can never tell when that next vulnerability can arise which can compromise your data.

    On a side note, for anyone who has commented or is about to comment that a firewall can save you from malware connecting out: please remember that when malware is connecting out, or trying to, it's post-infection, which means the main damage has already been done. When this happens, the only safe method of assuring no data is leaked (even if your firewall has claimed to have blocked it) is to disconnect your modem and router and start your cleaning methods and backup boot discs. Reformat if necessary.
     
  16. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I have done similar with Win2k a few years back, but just for a month or two, no firewall of any kind, no router. I did however first close all ports by various means, so there really was no risk. Nothing evil happened of course.

    Also keep in mind that even though you ran "naked" so to speak, and had ports open, there is a good chance your ISP had some of the important ones blocked. I know mine does this for 137-139 as well as a few others. That could have made a big difference in your case...
     
  17. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Hi, Seer, Kerodo and others, thanks for such quick responses. I came to a conclusion: I will stay with my NAT+firewall+SPI in router enabled - I really don't need anything else, except Avira Antivirus that I use.
    But when I visit some more dangerous websites, I'd like to have a log of outbound connections so that I can manually block them - basically I only want control over outbound connections so I can block them, if I suspect they are connecting to a weird address.
    And please don't recommend me software firewalls for outbound control. I want something that is like, I don't know, HIPS I guess - but do I really need HIPS for outbound control?
    I simply want the opportunity of having detailed logging and manually blocking outbound connections if they're suspicious.
    Thanks for your time and patience.
     