Really Needed?

in the modern age today, is an extra software firewall REALLY needed if you already have a hardware one? cause tbh i don't think a software firewall will stop hackers.

but id like to see your reasons why a software firewall is needed? discuss

 

If you are just talking about inbound, you wont need an extra one because the XP/Vista firewall will do you fine.

 

This question has been asked over and over, and the answer is always the same. It's up to you. If you have a router, then the only thing a software firewall will do for you is attempt to catch outbound traffic. If that's something you want, then use one, if not, then you don't need it.

 

Please explain how hackers can get by a software firewall into your computer.

---

 

Personal firewalls won't block much - and the software it's self may introduce new vulnerabilities with it's own bugs.

"Personal Firewalls" are mostly snake-oil.

 

You didn't answer my question.

----

 

But still no explanation how a hacker can work around a software fw and take control over the computer from the outside without using a trojan ń stuff. That would be more convincing info to prove a point for noobs like me.

btw even without a firewall it seems to be pretty hard to get infected ime. I have exposed a unpatched XP to the net for almost two days straght when I wanted to see if it was true that it would take 30 seconds for the worms to do their stuff. Someone told me that most of the incoming bad stuff is blocked on the ISP level anway, so maybe a hardware firewall is of no more use than a software dito whem it comes to inbound protection?
Isnt it so that even if someone finds open ports on my computer he cant do anything with them unless there are software with bugs that allow commands from the outside?

I would like to play with a hardware firewall but they are way too expensive if I want to utilize all my 100Mbit.

 

When you look at the current exploits, they are all easily blocked by a firewall. Most recently:

MS08-067 Worm in the wild?
http://isc.sans.org/diary.html?storyid=5275

ms08-067 exploitation by 61.218.147.66
http://isc.sans.org/diary.html?storyid=5288

Any properly configured firewall will block a probe to unauthorized ports. From my log this evening:

 

I did the same for 4 days w/o a firewall with Win2K several years ago. It's secure if you insure that all ports are closed -- no services opening ports.

NOT to be recommended, of course, but just to demonstrate that a closed port is a closed port, whether done within the Operating System, or with a firewall. A firewall is a much easier and safer way of doing it for most people.

 

Yep, several of us have done it. I did the same, no firewall at all, on Win2k for over a month, nothing happened. Of course I tweaked a few things so all ports were closed.

And yes, even if ports are open, in order for someone to do anything from the outside, there needs to be a vulnerability in the service holding the port(s) open for anything to be exploited from outside.

And yes, ISP's often do try to block the more commonly exploited ports and traffic, although many do not. You'd have to check your own ISP to be sure.

A router is good enough, and if you're running a software firewall alone, and it's blocking all ports properly, then nothing can get in either, "hacker" or othewise...

As has been said, a closed port is a closed port...

 

Indeed!

Interestingly, back in Win9x days, some people warned of unsecured ports. It just wasn't talked about much in the mainstream media.

Often missing in so much of the sensational articles about the dangers of exploits these days are simple preventative measures that could avoid such mishaps, negating a zero-day vulnerability. And often, the prevention is just basic firewall security.

In looking back at my notes from a couple of weeks ago when the MS08-067 exploit broke in the news, there is this revealing comment by Microsoft's Michael Howard in his blog of 10/23:

MS08-067 and the SDL
http://blogs.msdn.com/sdl/archive/2008/10/22/ms08-067.aspx

The MSBlaster worm exploited Port 135. The Sasser worm a year later exploited Port 445. The recent MS08-067 worm exploits Ports 139, 445.

I agree with your comments about router and software firewall. In my log this morning, from Russia with love:


______________________________________________________________________________


References

MS RPC, port 135, DCOM buffer overrun and the Blaster worm
http://www.keyfocus.net/kfsensor/help/AdminGuide/adm_RPC.php

eEye Digital Security - Research -- ANALYSIS: Sasser Worm
http://research.eeye.com/html/advisories/published/AD20040501.html

More detail about MS08-067
http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx

 

The only reason I use a software firewall is to monitor for outbound applications. I want to be the one asking if there is an update. Leaving the fw in rules wizard alerts me to many apps that automatically 'phone home', and then I can stop that behaviour.

I also like a firewall that has a good log. Many times I use this to add a host file entry to something that has no feature to turn off the update portion. Or just sometimes to be curious as to what is going on. My rules are easy, they consist of Allow, Deny or Allow Local.

But I agree overall that they are really not needed with a router or hardware firewall.

Sul.

 

If for some reason I had to choose one, either a software or hardware firewall, I'd choose the software firewall just to have the ability to control traffic for each application. My hardware firewall is a fairly recent addition. I ran just a software firewall for many years with no problems. Nothing ever bypassed it or killed it. The terms "hardware" and "software" are somewhat deceptive when it comes to firewalls. So called hardware firewalls are installed on separate hardware with its own OS, usually Linux based. Software firewalls run in Windows. Both are actually software firewalls. Software firewalls are vulnerable to malware that gets downloaded and run in Windows, attacks from within that are usually the fault of the user. If Windows is clean, the software firewall will do its job.

 

The only reason i use a software firewall is for protection on a LAN. If i'm at home i don't use them but if i connect somewhere else then i do.

 

LOL...paranoia ala carte
I've been blessed for many years with a FREE software FW...I couldn't ask for a better one.
Although I'm sure there ARE better ones out there. I tried a couple others but couldn't
deal with them, as I am not very smart with certain technical things.

So far (knock on wood), I really had no particular problem....I can see when something wants out, unexpectedly or In.

My pc is like 4 years old - never ..uh...reformatted and with my FW and a couple other security progs, my putie is running fine. (Maybe slightly slow, but age does that to you)

All in all...no hardware Firewall needed. Not for me.
I hug my pc every day for being sooo good to me all those years.
Aeh --- ok...I also pay respect and bow down and ..uhm...thank...him..?....? ...I mean...my faithful PC, OK ! Gee........

 

i just added a software firewall to my computer even though i'm behind a router my isp told me its a good added layer. just in case something i d-load was infected and my AV did not ketch it my firewall would when it tryed to phone home. so i see it as a extra layer.

 

What kind of isp do you have if I may ask...?
Mine never communicates with me...

 

Stupid question for all the know-it-alls.
Sorry.

 

Hello,

Why isn't the software fw sufficient? How exactly are the evil matrix hacker gonna get in?

OT, it's a matter of choice; if you want one, use it.

Mrk

 

This question arises here every two weeks. Isn't it a time to FAQ it ? (rithorical question).

Short answer: it depends. If you have nothing valuable on you computer and can painlessly restore from a backup than you need nothing but pure system and backup software.

 

Not including HIPS components or any other additional functions found in firewall suites, referring to just the internet firewall itself, here are some things a software firewall can do that a hardware firewall can't.

A software firewall can:

• Allow one application or program to receive incoming traffic while blocking incoming traffic for all the other software.
• Limit one applications internet access to a single IP or range of IPs while allowing another to access any IP.
• Prevent applications and system components from connecting to specific IP ranges while allowing them access to all other IPs. Useful for preventing apps from calling home and still giving them internet access. Also blocks adservers from specified IP ranges. Useful for applications that display advertising on the user interface.
• Limit individual applications or system components internet access to a specific port and/or protocol.
• Allow, block or limit local (loopback) connections for individual applications. Useful for forcing the browser to connect through a filtering proxy like Proxomitron. Also defeats some malware.
• Alert when a system component, application, or malware tries to access the internet for the first time.
• Log internet activity for individual applications.
• Quickly block all internet access with one or two clicks on the tray icon.
• Verifies the MD5 signature of the applications and components seeking internet access and notifies the user if they change.

There's plenty more. This is just what I can think of offhand. Software firewalls are extremely useful security tools.

 

Why would you need to do any of that? I dumped 'em years ago and have not missed them since..... no need....

 

Indeed a good idea
But this is just ME. I'd never store anything too valueable on the pc.
Just don't trust it, FW - back ups or not.

@ noone_...that's how I believe too.
I also believe in Layered pc protection. Like so many people here do - there's a thread or two - or 3 - 4 (?), about this. A FW and Anti- virus is of course not the only thing we should guard the computer with.
I'm sure you know this though.

 

I did the opposite. I've put strict controls on internet access with Kerio and equally strict controls on processes with SSM. To this I added detailed content filtering with Proxomitron. With these in place, I've removed all AVs, ATs, antispyware, and all other signature based detection software. No need. I don't have any virtualization, sandboxing, or behavior blocking software either. Again, no need.

 

Been running behind a NAT router with Avira Premium and till now I haven't got infected. Of course I do practice safe surfing and from time to time, take a netstat reading to see if anything suspicious is going through. A good AV with well designed HIPS is all one needs behind a router, why slow down your traffic and have multiple pop ups to deal with, also firewalls, specially the paranoid ones put load on CPU and file sub system, unless one really surfs at the darker side of the net, its not really essential.