Should I install a firewall?

Hi folks - I'm open to any reasonable suggestions with this situation. I have a desktop with a wireless network to a notebook - both access the internet through a Belkin Pre-N router. XP Pro both on systems. So a pretty typical and straight-forward set-up.

Background - why am I even asking this question?

I recently had to completely reformat and rebuild the software architecture on the desktop. I ventured onto a site (I assume) that infected the system with Trojan Gen-A (a.exe) and the kyryptik.YQ trojan - nothing was working to clean these out (SuperAntiSpyware, NOD32, etc) - not even an earlier XP restore point. The desktop system seemed to slow down quite a bit (notebook was uninfected), and links to sites via the Google results page took me to crazy places all over the internet. Reading posts about "partial repairs" and limited success with these infections convinced me to just reformat. So now I am left to completely reconsider my security framework.

Before this issue occurred, I had on both desktop and notebook NOD32 (ver 4, fully updated), fully updated Spyware Blaster plus Spybot, Sygate PWF, and Belkin Router with MAC-based security configured. Yet I still got nailed and am just happy that my data is intact (mostly on x-RAID NAS with Restrospect Pro backing up to two separate external drives).

So my question is...

I'm convinced I should put a firewall on at least my laptop - those times it is "on the road", it does not benefit from the protection the Belkin router affords to my network. I'm leaning toward Comodo or PC Tools to replace the tired old Sygate PWF(opinions welcome!). But is a software firewall merely redundant on a desktop? The desktop is, after all, behind the router firewall. GRC calls it perfectly stealth. And a highly-tweaked (albeit old) software firewall didn't help the desktop at all with this last infection. So I'm inclined to think it superfluous unless I am convinced it will provide a specific security advantage. Any other thoughts on my security set-up?

 

suggestions
https://www.wilderssecurity.com/showthread.php?t=254555

 

I'm not too knowledgeable, but I believe for stealthing ports on your desktop, a pure firewall would be redundant and I do not believe it would have prevented your previous infection.

Several firewalls come with HIPS (Comodo for sure at least) which you can use to control program rights. A HIPS might have alerted you to the infection attempt and allowed you to block it.

Some people do not enjoy dealing with the pop ups of HIPS. In XP you can use its built in SRP that is similar to HIPS. I don't use it myself but there are plenty of experts around. SRP or a HIPS can be used to create a whitelist of what programs can run and where they can write to. This could have blocked the infection.

Finally, if you believe the infection came from a website, you can use Sandboxie or a similar program to run your browsers sandboxed. Rather than stopping, it contains the infection to the sandbox, which you can delete after every session.

 

.
Have a look at Online Armor which has a strong anti-malware component along with standard firewall features. You might consider a behavior blocker, such as Mamutu or Threatfire as well.

 

a firewall cant protect you from being infected with malware - it only can
supress its working (outbound/hips). there went something wrong with
your current protection and that is in first sight more important than
installing another software.

you got infected from a website? then change browser or lift up its security.
my first choice ist firefox (99,9% usage), then opera (testing purpose, but impressive)

parallel to that you should examine NOD why it failed and where it failed.

best option to get out is a backup - an image - not a restore point (never trusted that)

 

Thanks for your input. Fortunately, I do have a backup program, plus I moved my data files over to my NAS (redundant I know) and rescanned then with NOD - just so I had a straight copy in addition to my backup. Most of my data information is on a NAS that I use as a file server, and that is backed up every night to external drives (2 differerent drives - alternating nights). So I think the data security is generally good.

As you suggested, I think I need to move away from IE and look at something like FireFox - any thoughts on Chrome or Safari?

Also, any thoughts on spyware (I know there have been ample discussions)? I'm looking at SuperAntiSpyware vs Malaware Bytes. The system HAD been using Spybot S&D plus Spyware Blaster (both which I JUST updated the day before the infection happened!). Hmmm - now I wonder just how effective THOSE solutions were...

I also don't image my drives - perhaps a flaw in my thinking, but if I have the program disks, then I am really OK with just reformatting and reinstalling the programs, then have them point to the restored data files. Three reasons for this:

(1) I guess I just don't understand imaging enough to be convinced of it (although several million can't be wrong?)

(2) If I caught a virus, who knows what other worms, trojans, etc I unwittingly installed earlier down the road that haven't yet raised their ugly heads?

(3) It's a good excuse to erase the accumulated crap off my drive and start anew with a fresh clean install - everything just seems to run a little faster and a little smoother (or at least I like to think that). And I'm pretty certain any malware that was there before was definitely swept away with a reformat (unless my MBR is an issue - but NOD32 says it's fine).

Thanks,

Lee

 

you only need one good solution for antivirus! NOT two ore more
(more only on demand like a-squared USB or Malwarebytes MBAM)

but first think about if you really need admin power.
LUA and a good antivirus is more worth than admin and best antivirus
(*best is relative - depends on signatures etc bla)

dont trust new or unknown programs -> sandboxie (free)

internet exploder is in fact one door for malware..
safari is based on gecko like firefox, chrome is new one.
i dont like chrome coz it owns you (big google brother is watching you)
firefox needs some attention to be perfect (there are some really good
extensions for security), opera is ready to use and less vulnerable as
firefox in the basic version. but at least firefox has the best option
for a personalized browser due to tons of addons - less knowledge
for much effort. check them all out!

always important - use brain.exe

in the last 12 years i never got infected again - only win98 before.
its fool but i work as admin...

 

Really can't say the last statement for everyone here. Fact is fact this stuff is dangerous and there really a need for protection. Light-med-strong-extreme protection most here have all levels of knowledge over this stuff. If we all could use Virtual System and thus go online and don't need protection then we would go back to the days of how it was online.

No need of a firewall, no need of anything kind of protection. Now most users don't understand the need for protection. That's why members like use need to explain them what they really need to do and why they need to do so.

 

Firewalls are also very fun to play and tweak with
always a learning experience..for sure

 

@tipstir - VM is ok, but what to do in it?
Surfing? What of it? Only Banking - or all surfing?
Or several VM - for each purpose another?
the easyest way for normal user is LUA (least-privileged/limited user account)
VM is a bit of paranoid mode
user who dont know how to saver surfing dont really have the knowledge to use a vm.

 

Well lets see how are you going to use the internet?
Do you just have one PC?

Most users just have one PC. They have to figure out what type of protection they can live with daily.

Online Banking
Online Bill Paying
Ebay Paypal Seller/Buyer
Stocks
Insurance

Anything you do online is monitored, sure most of the sites now have AES/BIT encryption. HTTS/SSL an etc. Still you need to protect your side.

VMWARE most of us use that both home/office still not everyone here going to be using that. Of course the cheaper way is to use Geswall and Sandboxie they're not perfect but good enough for now.

All these add-ons for Firefox can degrade it performance as that browser is already getting heavy.

Now you shouldn't be doing wireless banking at home if you live in a crowded wireless area already. If you live out in the woods then you're okay well still better to use some sort encryption still.

Back to the real world. You buy a computer, it comes with pre-installed software. Internet Security Suite which is good for either 30 days, 90 days or even 1 year before stops updating. Now most users don't even check to see if it working correctly until it's do late.

Firewalls don't have to be updated, unless they have some sort of extra protection in them that needs to be update or some sort of patch that was needed to fix a bug in the code.

Now for those of us like myself that have more than 5 computers where they are can say okay this PC is use for this, that one is use for this an etc. Then if you wanted you could use VM to just surf the web on a box you have deem for that purpose.

Again online backing should be done on wired connection. Still some of you here still feel it's safe to use the wireless for everything.

 

Software Firewalls are good for stopping your personal information (Passwords, Credit Cards numbers) being sent over the internet. Firewalls act like those tags that you see on cloths in shops - If you walk out with a t-shirt with a tag on it, The alarm is gonna ring! This is what a Firewall does, it ensures no connections on your computer goes out.

Off course, Firewall is just one thing... Following a Prevention, Detection and Cure approach will provide you decent enough security. Where:
Prevention is your first line of defense (Example, HIPS/Sandboxing).
Detection is your second line of defense (Detection, AV, is generally used to make prevention more easier).
Cure is your third line of defense (Example, Backup Image, Online Backup or Virtual Software).

I will have to respectfully disagree when it comes to saying "Switch from IE to this browser" - Security should NOT be a inconvenience for anyone, Security should be enablement, and having the right tools to protect you, It's not a browsers job. The reason why we have internet, is because we want to be enabled and install the things we want to install, off course, responsibility.

So be sure to have (Prevention, Detection, Cure) in your security arsenal.

 

Off course... .

For example: Sandboxie + HIPS is 2 layers of Prevention. Good enough. For me, Antivirus (detection) only just helps for usability. Cure isn't a defense... It's a CLEANING thing, Because there are still many people who are infected out there and need there PC's cleaned and recovered. But at the same time, Cure should always be part of of "the 3 layers of security"

You can also have a few DETECTION technologies to make PREVENTION more easier.

 

Since this one turned into an anti-malware thread -

- while I cannot say that I fully agree with the first part of your post, this statement here I totally agree with.

 

Yep.

The ones I gave are JUST examples!