Is there a huge need for a software FW?

Discussion in 'other firewalls' started by darpa999, Feb 12, 2011.

Thread Status:
Not open for further replies.
  1. darpa999

    darpa999 Registered Member

    Joined:
    Feb 12, 2011
    Posts:
    9
    Hi, I am new to this forum so I do not know exactly where to post this thread... Sorry if I did.

    Do I really need a software firewall if I only use a NAT router firewall along with an AV and antispyware application?

    The PC is the only one on my LAN and I decided to disable file sharing as well, and also disabled the Server service under the Windows Services in Admin Tools. Windows is patched, and I especially do not surf "shady" sites... I do not open attachments or links in email that I do not trust... Disabled Autorun, and use the most strict lock-down Windows security policies in the Local Security Policy editor.

    My setup has been like this all along with no software FW. Only behind a router firewall, and I have never experienced a major infection in years or noticed any system slowdowns at all...

    Will I be fine with no software firewall?

    Also, I DO NOT let anyone use my LAN when friends come over with their laptops... THAT'S STRICTLY A MAJOR NO-NO!!!!!!!

    OS: XP SP3
     
  2. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    You're a home user, so just keep Windows Firewall enabled and that's really all you need; 3rd-party software firewalls are not needed when you're behind a router.
     
  3. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Some software firewalls provide more control over applications trying to go online for any reason. Most firewalls in routers only protect you from threats coming from the web, not the other way round.
     
  4. darpa999

    darpa999 Registered Member

    Joined:
    Feb 12, 2011
    Posts:
    9
    Yes, I am a home user. And yes, I have the XP Firewall enabled too. But that's only inbound.

    I know that router firewalls just block inbound stuff, but if I keep my PC locked down so that I do not get the bad stuff in the first place.
    Also, I keep a fresh clean image of Windows XP, so in case I ever have an infection, I can just restore the OS image.
     
  5. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    That's the plan of action I would take: just keep your system clean and you won't have to worry about outbound, and if you do get infected, your system's already compromised so it won't really matter. A software firewall in your situation is only really useful for people who are a little on the paranoid side and don't like some programs connecting out.
     
  6. darpa999

    darpa999 Registered Member

    Joined:
    Feb 12, 2011
    Posts:
    9
    Thanks!!!!

    Also, like I posted, I have created an image backup archive, so in case I do get a massive infection, I can just restore that clean image archive...

    I do not like software FWs by the way, they're just too annoying to begin with.

    Also, I do virus/malware scans 3 times a week...
     
    Last edited: Feb 12, 2011
  7. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    I am using Windows XP firewall behind a NAT router. Make sure your router password has been reset. The default password is usually "Admin." This is easily hacked. I also use Seconfig XP to close ports that are often targeted by malware. It is set and forget with no pop-ups and is free: -http://seconfig.sytes.net/?sv=1.1- You can easily revert back to your original settings if desired.

    You should also consider some type of sandbox that will make sure any malware that may bypass your AV is contained. I use DefenseWall; it is easy to use and has minimal pop-ups. Others are Sandboxie, GesWall, Shadow Defender, Bufferzone and AppGuard.
     
  8. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    I'm behind a router and am running ZoneAlarm for outbound control. I've got MS Security Essentials running and am now using GesWall (free).

    Considering what's loose out there these days, I think it's wise to always have some kind of sandbox or a similar program that will protect your hard drive. Running something like Sandboxie, Bufferzone, GesWall or similar is just a smart thing to do.
     
  9. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    The answer to your question:
    "Do I really need a software firewall...."
    doesn't have a simple answer. It depends on several factors:
    • The OS being used.
    • How well your OS is secured.
    • The value of the data the OS contains. What is the worst case scenario if some of your personal files became available to others?
    • Whether the OS firewall (if present) controls outbound traffic.
    • The number and type of users (with or without your permission) using the PC or network. If you aren't there, can someone else start using it without needing a password? Is the password known to anyone else?
    • Whether your home network includes wireless and if/how well that wireless is secured (open, WEP, WPA, password strength).
    • Your personal policy regarding applications and/or operating system components connecting out without your consent.

    The last point is the one that usually decides your answer. It boils down to one question:
    How well do you trust the OS, hardware and software vendors on your PC? Most of the time, there's no way to tell exactly what data these apps and system components are sending and/or receiving without having a packet sniffer installed between your PC and the web. That still won't help if the data isn't in plain text. Do you trust them enough to allow the software or applications installed on your PC to connect to their parent companies without asking you first? If you do, you probably don't need an internet firewall. If you don't trust them or you want to be able to choose which ones can connect out and limit when and where, then you should have a firewall.
     
  10. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    I use Wireless Broadband, and only use the Vista FW and never had a problem.

    All this hype about needing a strong 2 way FW is all marketing scam IMO. Just keep away from dodgy websites and dodgy programs, and you will be fine.
     
  11. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    I would highly recommend a software firewall if you are using a laptop not connected to a trusted router.
     
  12. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    perhaps but thats not what the OP is asking about.
     
  13. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    In the last year or so, we've seen successful attacks against the DNS system, attacks on modems and routers, and an increasing number of legitimate websites being compromised. The result of the first 2 is that it's no longer assured that the site you want to visit is the site you'll arrive at. The last makes it possible for sites that were safe yesterday to be malicious today. It's now possible for any user to end up at a malicious site, no matter how careful they are. The user's security policy and software should reflect that possibility.
     
  14. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    When I first got online, I used Kerio PF, until I purchased a router. That was back running Windows 98 SE :argh:

    Since then, I've only run a router + Windows Firewall :thumb:
     
  15. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    Seriously flawed thinking, in my opinion.

    Burning Question Wired February 2011
     
  16. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    OK, I misread the OP's question. I would still say yes. I know that this has always been a hot topic. After being infected a few times my firewall alerted me to the fact that something was trying to access the internet. Malware these days is all about 'dialing home' or trying to steal your information. I think that a software FW is just another layer in the overall picture.
     
  17. darpa999

    darpa999 Registered Member

    Joined:
    Feb 12, 2011
    Posts:
    9
    Well, I don't use wireless at all...
    However, I will test some FWs out there like OA and Comodo and see how good these are. If they're annoying, then I will just ditch them all...
     
  18. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    There's a need for FWs if you ask me. If you can configure the Windows firewall it's all you will ever need, but just in case give a try to Private Firewall :) and put it in training mode.
     
  19. darpa999

    darpa999 Registered Member

    Joined:
    Feb 12, 2011
    Posts:
    9
    You see, and to be honest here, I do not trust these so-called "FREE" software FWs for some reason... I would rather pay for something that will give more robust enterprise-level outbound protection as well as HIPS... That's really all I need, outbound.
     
  20. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I trust freeware and Open source more than commercial software. Open Source apps are some of the best there are. I've used freeware and Open Source exclusively since 2004 and have yet to be compromised while using it. There's a big difference in the motivations of freeware coders and those that work for big companies. The first does it because they want to. The other because they're paid to. The first does what he/she thinks is best. The 2nd does as they're told. I learned a long time ago that the saying "you get what you pay for" doesn't apply to software.
     
  21. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Unless a large amount of resources is required depending on the type of software (e.g. an AV), a single-man team isn't gonna do all too well keeping up with sigs and development.
     
  22. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Firewalls, like many other apps, don't need constant updating. Except for IPv6, basic internet protocol hasn't changed in many years. Assuming compatible operating systems, a firewall that worked 10 years ago will work the same way now. Don't underestimate what a talented individual can do.

    Now if we were discussing an AV or anti-malware, there'd be no way an individual could keep up. Then again, the big vendors can't keep up with the threats either.

    On the other hand, the vendor of a payware app will use a substantial amount of their resources in anti-piracy efforts, which often includes many of the behaviors that users don't like, such as calling home. A substantial portion of the price tag will be for that. With freeware and Open Source, there's no need for anti-piracy.
     
  23. Bigabe

    Bigabe Registered Member

    Joined:
    Feb 12, 2011
    Posts:
    58

    Besides Linux and Wikipedia I don't think that there are a lot of people who really like to work for free.
    Mozilla is making a lot of money with ads. I even know one of the persons who did the German translation of Mozilla SeaMonkey. And he did get money for it.

    If you take a look at Open Office:
    It is cool when you use it for yourself. But if you have to produce compatible files for your job or for university you have no other choice than MS.

    The RivaTuner programmer has been making a lot of money programming for MSI in the last years.

    And I don't think there are a lot of free tools in the IT security area that are really programmed because people want to be nice.

    Or why do you think after those open source projects get some attention they suddenly try to install an Ask bar or a Google bar?

    Everything depends on money and everyone needs it.
    Sure, if you are a home user, you can survive really well without buying software at all.

    And there are some programs that are even better than any software you can buy.
    But those are exceptions and in my opinion made by people who try to get attention or try to sell Pro versions of their software later.
     
  24. LODBROK

    LODBROK Guest

    Considering the Internet provides the predominant path for attack vectors these days, I insist on applying outbound rules for all applications. Except for Firefox and Thunderbird the rule is "Ask" for all in and outbounds, all ports, all protocols. I have seen apps that go out to "check for new versions" every time they start up even if that option is disabled. Last year I upgraded a high end (hundreds of $$) video editor and the brand new version installed by default a Windows System service (automatic startup type!) connecting to the vendor's server farm on port 80 even if the app is never opened. Emails provided the vendor's explanation - to "make sure" that "extra libraries" could be downloaded "in case I need them." Fine. Except I own their top of the line "full" version. Windows' firewall would have alerted to that, but if you have it disabled... :( A consumer-grade router would have no protection from that at all.

    Thunderbird gets only the secure outbounds it needs for specific IP addresses, port 443 is "Ask" and everything else including 80 is blocked (I don't use TB for Web mail).

    Some other apps are fine-tuned as necessary.

    For Firefox I allow outbound to TCP ports 80 and 443 only and "Ask" for all in and outs, all ports, all protocols. Unless the site you're accessing is providing a trusted benefit, there is no reason whatsoever for a Web server to need anything else (the now rare need for FTP port 21 excepted). Here's a sampling from my surfing within the last week (actual IP addresses are masked):
    c:\...\firefox.exe Access network TCP [Local host : 6473] -> [nnn.nnn.nnn.nnn : 82]
    c:\...\firefox.exe Access network TCP [Local host : 12600] -> [nnn.nnn.nnn.nnn : 843]
    c:\...\firefox.exe Access network TCP [Local host : 6396] -> [nnn.nnn.nnn.nnn : 1935]
    c:\...\firefox.exe Access network TCP [Local host : 31915] -> [nnn.nnn.nnn.nnn : 81]
    c:\...\firefox.exe Access network TCP [Local host : 14731] -> [nnn.nnn.nnn.nnn : 58362]


    Yes, I know port 1935 is for Flash content and I deny that except for lengthy content (Hulu, etc.) and not for the likes of two minute news items or the brain-dead YouTube crap my friends send me. (If implemented correctly by the provider, if 1935 connections fail, content will stream on 80.)

    More interesting is this connection:
    c:\program files\mozilla firefox3\firefox.exe Access network TCP [Local host : 1109 (kpop)] -> [127.0.0.1 : 1108]
    I know that when starting up, Firefox creates four local connections which I allow manually (yes, that's tedious). But this particular connection occurred long after I opened the browser and while heavily searching for an obscure fuel injection part.

    Curious, I opened the site on a test system, allowed the 127.0.0.1 connections and...
    c:\program files\mozilla firefox3\firefox.exe Send message to another process c:\windows\system32\csrss.exe
    I allowed that and a trojan began to download (my AV did intercede). Now that kind of alert will be evoked only if your firewall or AV suite has some kind of intrusion protection and you don't create a global rule allowing, in this case, "Send message to another process."

    So, to answer your question: How much work do you want to do to protect your system?

    For the extra work you will stop that class of attack vector at the perimeter rather than trusting the threat will be addressed by your layering further downstream - hit and miss at the best as evidenced by latest rounds of testing. The learning curve associated with this level of protection is very, very steep. Unless you're already savvy with Windows Networking and TCP/IP. Given there's no likely quantum leap for security apps in the near future, learning those disciplines is in your favor especially if you wade further and further into the depths of Internet commerce and financials. And warez and pr0n. :shifty:

    BTW, the firewall/HIPS here is Malware Defender. And a router, of course. And at least weekly backups (scripted copy to external drive) and bi-weekly system imaging (TerabyteUnlimited Image for DOS).

    Good luck in your decisions.
     
    Last edited by a moderator: Feb 14, 2011
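The per-application outbound policy LODBROK describes above (Firefox allowed to TCP 80 and 443, everything else "Ask"), applied to the log lines quoted in that post, as an added example that is not part of the original thread. The log grammar is inferred only from those quoted lines, the function names are hypothetical, and the two port 80/443 sample lines are constructed.

```python
import re
from collections import Counter

# Policy modelled on the post: Firefox may reach TCP 80/443 unprompted;
# every other event falls through to "ask".
ALLOWED_TCP_PORTS = {"firefox.exe": {80, 443}}

# Grammar inferred from the log lines quoted in the post (an assumption).
NET_RE = re.compile(
    r"^(?P<image>\S.*?\.exe) Access network (?P<proto>TCP|UDP) "
    r"\[[^\]:]+? : \d+(?: \([^)]*\))?\] -> "
    r"\[(?P<rhost>[^\]:]+?) : (?P<rport>\d+)\]$", re.IGNORECASE)
IPC_RE = re.compile(
    r"^(?P<image>\S.*?\.exe) Send message to another process (?P<target>.+)$",
    re.IGNORECASE)

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def classify(line):
    """Return (verdict, reason) for one firewall/HIPS log line."""
    line = line.strip()
    m = NET_RE.match(line)
    if m:
        app, port = basename(m["image"]), int(m["rport"])
        if m["rhost"].startswith("127."):
            return "ask", f"{app} loopback connection to port {port}"
        if m["proto"].upper() == "TCP" and port in ALLOWED_TCP_PORTS.get(app, ()):
            return "allow", f"{app} to allowed TCP port {port}"
        return "ask", f"{app} to port {port} outside its allow-list"
    m = IPC_RE.match(line)
    if m:
        return "ask", f"{basename(m['image'])} messaging {basename(m['target'])}"
    return "unparsed", line

def review(lines):
    """Return (verdict counts, reasons for every line that is not allowed)."""
    results = [classify(line) for line in lines]
    counts = Counter(verdict for verdict, _ in results)
    return counts, [reason for verdict, reason in results if verdict != "allow"]

SAMPLE = [  # first seven lines are from the post; the last two are constructed
    r"c:\...\firefox.exe Access network TCP [Local host : 6473] -> [nnn.nnn.nnn.nnn : 82]",
    r"c:\...\firefox.exe Access network TCP [Local host : 12600] -> [nnn.nnn.nnn.nnn : 843]",
    r"c:\...\firefox.exe Access network TCP [Local host : 6396] -> [nnn.nnn.nnn.nnn : 1935]",
    r"c:\...\firefox.exe Access network TCP [Local host : 31915] -> [nnn.nnn.nnn.nnn : 81]",
    r"c:\...\firefox.exe Access network TCP [Local host : 14731] -> [nnn.nnn.nnn.nnn : 58362]",
    r"c:\program files\mozilla firefox3\firefox.exe Access network TCP [Local host : 1109 (kpop)] -> [127.0.0.1 : 1108]",
    r"c:\program files\mozilla firefox3\firefox.exe Send message to another process c:\windows\system32\csrss.exe",
    r"c:\...\firefox.exe Access network TCP [Local host : 6500] -> [nnn.nnn.nnn.nnn : 80]",
    r"c:\...\firefox.exe Access network TCP [Local host : 6501] -> [nnn.nnn.nnn.nnn : 443]",
]

if __name__ == "__main__":
    counts, pending = review(SAMPLE)
    print(dict(counts))
    print("\n".join("ASK: " + reason for reason in pending))
```

Every line quoted in the post lands in "ask", including the late loopback connection and the message to csrss.exe; only the constructed port 80 and 443 lines pass without a prompt.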
  25. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    The website cannot do anything if you are smart and disable javascript. I use Firefox + Noscript, problem solved.

    And if I need to access a website with javascript, then I run it through sandboxie, problem solved.
     