Hardware Firewall best??

I use a cheap D-link router and I have 59 process running including Outpost firewall. I have a GB of quality ram. My system is far from slow.

 

You could say the same thing about using an AV. Are you running without an AV too?

 

We all, its been months now. Still running the Fortigate 60, Ghost security(app/reg), and safensecure. My system has had zero crashes, and I have zero addware/ greyware/ trojans/ viruses, ect.

Before when I ran things like Outpost, I would have to reimage my drive once a month. MOnths later no problem without a software firewall/ AV.

I know everyone on this board thinks you need outbound protection...I think I have showed you dont. All programs like outpost do is clog your system.

I will be software firewall free in 2006. INbound protection ....say it....Inbound protection....Process control....breatheeeeeee....

 

Budfox,

I ran for a year with CHX, no probs, only inbound and maybe just outbound with AH, now I have a router so no CHX but P2P is forcing me to look into the CHX way again, router just can't handle all the connecitons unless I buy an expensive D Link game fuel or Zyxel 500.

 

Speak for yourself - I have run Outpost for 4 years and never had a problem requiring a system restore, even with beta builds.

As for the security benefits of outbound traffic filtering, I have summarised them here - application execution control can be a substitute if you fully trust the software you run, but a warning about program X attempting an IRC connection to an address in Eastern Europe is still likely to be a far better warning of malware activity than one about process modification for most people. Running two sets of process protection software plus registry protection greatly reduces the chance of any malware install but this is also an option better suited to users familiar with Windows internals (in particular, the significance of certain registry keys or process manipulation attempts).

Since you have mentioned it, it is worth noting that SafeNSec has specific requirements - notably those of annual renewal and online activation (with a limit on the number of installs before you have to apply for a new key from Star Force) so the monetary cost is unfavourable in the long term. Similar programs like Online Armor (this also requires online activation), Process Guard, AppDefend and SSM do not require annual renewal so those should be worth considering by others choosing to follow this route.

 

Apologies for disturbing you further, but if you are running Ghost Security's AppDefend, then that indeed does include a software firewall (albeit a simple one) since it can allow or block network access.

 

Not to mention network activity monitoring through SafenSecure version 2.0 level as well...

Blue

 

Is it so easy to leave CHX for a simple hardware thing?

Regards
joter

 

I can see where BudFox is coming from. I have an antivirus, Spybot S&D that I run every couple of days, and am trialing the latest McAfee Desktop Firewall on my system. I use ccleaner to clean cookies and other junk each night. That's it.

In 10 yrs on the Internet, I've had about a dozen attempts by nasties to get into my system. All those were in the days, years ago, when I prowled Warez sites. In the past few years, my antivirus has found nothing - and I'm addicted to changing antivirus almost as often as firewalls, so my computer has had 4 different antivirus in the past 4 months. None has found anything.

I think computer security is important. I also think common sense surfing habits are 75% of that security. If you go where the bugs are, they'll find you. I'll continue to play with firewalls, antivirus software, and other security related software as well, but my main security defense is going to be that thing between my two ears.

 

Not at all Joter, very difficult, once you have used CHX, its kinda hard to contemplate life without it.

 

That is the ideal position to be in - if anti-virus/trojan/spyware scanners are detecting anything other than false positives, then it means your security had a breach in it. If you are familiar enough with how your system behaves, and have a tightly-configured setup then you could rely just on firewall/process control software and dispense with the scanners, but this option is not for everyone.

 

PAranoid....thought i was speaking for myself. You have got into me about "attitute" on this board...Again just trying to spread the word that IN MY OPINION outbound protection is completely overrated and not necesary in a safe system.

You must not be doing well in the market!

 

439q8w ---> As far as this is good for you it's ok. I found my system running much lighter and faster (booting and operating) when disabling a lot of services I don't need. Currently I have 16 processes running on my machine, including Miranda (IM), NOD32 (AV) and OP. Some Windows services can be potentially dangerous. You say your system is far from being slow, well, but for sure it is far from being fast.

 

It is an old wives tale that router-gatways don't block outgoing.

I know for a fact.... some do block on certian ports.


controler

 

Well everyone...its been months now...many new exploits (sonyrootkit, XP metafile, ect.) and i am still clean using only outbound protection.

I will NEVER go back to a software firewall/ AV ever!!! A hardware firewall in my opinion is best.

Hey Paraniod, what do you do for a living besides post on this site? Do you work for the ocmpany that produces outpost firewall?

 

If you have no arguments, just feed suspicions.
nothing more to say, budfox.

Regards
joter

 

It's not a firewall's job to protect you from those particular exploits you mentioned.

 

Hi BudFox .
You need to understand that you are fighting a losing battle in here . I completely understand your points and they are well taken . ANYONE with a good knowledge of computer security can attest to what you are trying to convey . Everyone else wants to argue because their opinion is different from the facts you present . sad but , that is how it works . very few seem to understand the difference . Because someone believes in something , does not make it right . You , however , are speaking factually . let it go . they will argue you into the ground . For me . I do not follow your " guide " of securing my computer . That does not make me tell you that you are mistaken . You are indeed correct . I just choose to use a little more " stuff " than you . lol .
Now go play , be safe , and worry no more about the ones that do not understand . Some do . Some do not . Oh well . Such is life

 

No, I think it's just a normal response to his chest thumping. I'm also running with only inbound filtering (albeit software) and process control and I also find his tone annoying.

 

Hi Brinn .
Sorry . I understand . I see your point as well . I was just letting him know I completely understand and for him to just let it go . I really had no comment on the tone . I see where you are coming from . Now I will let it go .

 

I'm not so much worried about whether a hardware firewall is better than a software firewall, but whether a software firewall provides any more security than Minesweeper. I came across this opinion http://samspade.org/d/firewalls.html and now I'm wondering if its time to (panic) buy an NAT router ?

 

heres two previous topics on it, if ud like a nice read:

https://www.wilderssecurity.com/showthread.php?t=87546
https://www.wilderssecurity.com/showthread.php?t=3467

IMHO, there is no perfect security but if u configure ur software firewall correctly then ull do fine. i dont see any reason to be discouraged from using them. however itd help u to learn about securing ur system and knowing legitimate files from malware because the best security is knowlege and safe web habits.

 

Thanks for the links WSFuser! It was as they say a healthy read. I'd no idea that page had acquired such notoriety during its many, many, many years on the web. It did occur to me that it would be front page news if it were true.

 

Paranoid ive seen you before sir..... Your one of the main Beta testers at agnitum forums arent you? I love reading your posts there.

I love outpost man, love it dearly. Im so waiting for a 64 bit version to come out. I feel so out in the cold without a firewall.

Peace..

 

ROFLMAO. All I had to say to that was it's "5" not "3". xP

Oh and "P|-|34R |\/|Y |\|33D 4 B33R."

It truly bored me to read this thread, because I thought I would get something out of it. I did not see that happening. Anyone in the world is smart enough to keep their computer clean. If you really want to have useless competition, 2 years on my current computer computer, that ran NIS [completely outdated btw. I was way too lazy to buy subscriptions to new signatures.] 2 years on AVG [also outdated definitions because I couldn't get the damned thing to update], no firewall, didn't know what a trojan was, HIPS?? New word in my dictionary. Inbound filtering? Oh, you mean that Windows firewall I turned off because it was getting in the way of my gaming? Oh, and no reformatting ever [yes, a copy of Windows XP that ran stable for 5 years without a format. Impossible? I think not.], exploring the world of cracking via Internet explorer. Scanned my system a few months back. Found about 2-3 "spy cookies". It all depends on you. If you get exploited, sucks to be you my friend. If you do, then poor luck my friend. It's not inevitable, but it's all a gamble. Some of us just like gambling with better odds. So we actually protect our computers. If you feel you don't, good for you. No one here will force you to get firewalls back on your system. We just try to offer some experienced advice. Enjoy if you want. Leave if you don't.