Can I get away with no Firewall?

Screamer,
(PC 1) is so resource constrained that I did not downlaod the McAfee FW and am just using Windows XP SP2 one. I surf safe. I think one can get by with just Windows. But I sure would keep the rest of it. You know... AV and some sort or resident antispy. Scan at least once a week.

Opinions vary but if your machine is tapped out the bare bones with some surfing care can work fine. It has for me without infection off and on for years with just Windows blocking inbounds, with no or little resource impact.

 

I'm behind a hardware firewall and have SSM with network rules enabled. I still run a software firewall (Kerio 2.1.5) to get better control over outbound traffic. With SSM on board, a simple rule based firewall is all you'd really need. Anything more would duplicate coverage. The network rules for SSM can either block or allow traffic for each process whereas a software firewall lets you decide where and how each app is allowed to connect.

A rule based firewall is a very small load on even the lowest power systems. Kerio 2.1.5 and SSM combined use less memory and processor time than an AV.
Rick

 

Hi Herbalist, I see you still run Kerio 2.1.5. I'm a bit confused so that's why ask this question: Is this the same (but older) product as the latest 4.5.916 version or is it an entirely different one?

 

About all the windows firewall wll do if you are behind a router is to stealth any ports that are forwarded on the router. It also limits communication between other computers on the local network to netbios. However, most network born worms spread using netbios.

As far as the outbound control issue goes, you have to ask yourself if what you are doing is blocking at the network level or at the execution level. Its not that hard to block the inadvertent execution of programs using some form of execution control, but if you want something to run, chances are outbound detection will not help you. This is especially true of firewalls that have good leak test performance using execution controls that are independent of network checks.

 

Hi Diver, I can follow your post up to this point: "...About all the windows firewall wll do if you are behind a router is to stealth any ports that are forwarded on the router. It also limits communication between other computers on the local network to netbios. However, most network born worms spread using netbios."

After that I'm a bit lost (I'm not that technical I'm afraid). Can you explain (to a noob) what you mean by the second paragraph?
Are you saying that a SF is not really useful behind a router? Or am I missing the point (I probably am...)?

 

Kerio 2.1.5 is completely different than the latest version. 2.1.5 is strictly a packet filter, no application control, HIPS, NIPS, File integrity checking, etc. Kerio 2.1.5 is not compatible with Vista. The most recent versions of Sunbelt/Kerio don't run on 98/ME. The present version is a 6.48MB download while 2.1.5 is 2.12MB. The difference in memory usage is even larger. According to their site, the present version uses 20-30MB of memory. On my Win2K box, 2.1.5 uses less than 4MB, light enough for any system.

Running the latest version with SSM would duplicate a lot of coverage. Kerio 2.1.5 complements SSM very well, both the free and paid versions. A lot has been posted about Kerio 2.1.5 not being good at passing leaktests. With newer firewalls, it's often the HIPS component that makes them pass the tests. When used with a separate HIPS like SSM, the test results are equally good, often better, and at less cost in disk space and memory usage. If 2.1.5 has a disadvantage, it's that it has no automatic rule creation so it can be a bit intimidating to an inexperienced user. For users who have a fair understanding of how internet traffic works, Kerio 2.1.5 is capable of very tight control. I've used it for years on my 98 units and have installed it on several XP boxes with good results.

There are several reasons why someone might not want to run a software firewall. With Kerio 2.1.5, a lack of resources or memory isn't one of them.

Rick

 

Kerio 2.15 has app control and integrity/version checking. At least it did the last time I used it.

 

Another way to put it is, Kerio 2.1.5 allows you to make app specific rules to control outbound traffic, as well as inbound of course... But it's first and foremost rule based as we all know...

 

Kerio can control the internet access of individual apps and processes. It does check the MD5 signature of each app wanting internet access and will deny it access if the signature doesn't match, but it does not control what apps can run or any of their activities other than their connecting to the net. It has no control over non-internet applications.
Rick

 

I think that's probably what I liked most about it....

 

I think a firewall is a necessity these days though the more security savy may be able to get away without using one.