After reading a hacker's blog, I feel it's so hard to be safe.

Discussion in 'other anti-malware software' started by bonedriven, Oct 22, 2008.

Thread Status:
Not open for further replies.
  1. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Well, this is theory and speculation. Does anybody have any figures, statistics or something? As for me, I have never used a HW firewall and never felt any difference in performance between a linked and an unlinked computer. Why?
     
  2. wat0114

    wat0114 Guest

    No, it's fact. All unsolicited incoming connections are dropped by the HW firewall, taking all the load off the software FW, thereby decreasing the resources that would otherwise be used on the PC to handle these connection attempts. The impact may be very minimal if using a software FW for all incoming traffic, but it's indisputably there, especially if logging is enabled for all types of traffic.
     
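    The behaviour wat0114 describes (unsolicited inbound connection attempts dropped at the perimeter, replies to the PC's own connections let through) is stateful filtering. The following is an added Python model written for this thread, not code from any poster or from any firewall product; the host address 192.168.1.10, the remote addresses and the packet trace are constructed for the demonstration.

```python
"""Toy model of a stateful perimeter firewall in front of one PC.

Added example, not code from the thread. A packet that the host sends out is
recorded as a flow; an inbound packet is passed only if it matches a flow the
host started, otherwise it is dropped before the host ever sees it. Everything
here (addresses, ports, trace) is constructed sample data.
"""

from dataclasses import dataclass

HOST = "192.168.1.10"  # assumed LAN address of the protected PC


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFilter:
    """Connection-tracking filter: allow outbound, allow matching replies, drop the rest."""

    def __init__(self, host):
        self.host = host
        # flows the host opened: (remote ip, remote port, local port)
        self.flows = set()
        self.passed = 0
        self.dropped = 0

    def handle(self, p):
        if p.src == self.host:
            # outbound: remember the flow so replies can come back
            self.flows.add((p.dst, p.dport, p.sport))
            self.passed += 1
            return True
        if (p.src, p.sport, p.dport) in self.flows:
            # inbound reply to a flow the host started
            self.passed += 1
            return True
        # unsolicited inbound: dropped, never reaches the PC's software firewall
        self.dropped += 1
        return False


def replay(trace, host=HOST):
    """Run a trace through the filter; returns per-packet verdicts and the filter."""
    fw = StatefulFilter(host)
    verdicts = [fw.handle(p) for p in trace]
    return verdicts, fw


def packets_reaching_host(trace, perimeter, host=HOST):
    """How many packets the PC's own software firewall has to inspect (and log)."""
    if not perimeter:
        return len(trace)  # no perimeter device: the PC sees everything
    verdicts, _ = replay(trace, host)
    return sum(verdicts)


# Constructed trace: one web connection by the PC plus three unsolicited probes.
TRACE = [
    Packet(HOST, 51000, "93.184.216.34", 80),   # PC opens a web connection
    Packet("93.184.216.34", 80, HOST, 51000),   # server reply to that connection
    Packet("203.0.113.5", 4444, HOST, 445),     # unsolicited probe of port 445
    Packet("203.0.113.5", 4444, HOST, 135),     # unsolicited probe of port 135
    Packet("198.51.100.7", 1434, HOST, 1434),   # unsolicited probe of port 1434
]

if __name__ == "__main__":
    verdicts, fw = replay(TRACE)
    print("verdicts:", verdicts)
    print("passed:", fw.passed, "dropped:", fw.dropped)
    print("packets the PC handles with perimeter:", packets_reaching_host(TRACE, True))
    print("packets the PC handles without perimeter:", packets_reaching_host(TRACE, False))
```

    The difference between the two `packets_reaching_host` figures is exactly the load wat0114 is talking about: every dropped packet is one the software firewall never has to evaluate or write to its log.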
  3. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Impeccable logic there :thumb:
    The fact is that if the system gets 'destroyed', a few minutes loading a good image and sanity is restored. Keeping all important data off the system drive and the whole thing becomes nothing more than a minor irritation.
     
  4. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Ummm..., no, it's not. It's a simple statement based on how these devices function.

    Blue
     
  5. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I agree. In fact I find it fun to trash a system then build it back. I feel confident enough from what I have learned that nothing can touch me, or at least not for long. At this point in time I have imaged and restored with 100 percent success a dozen times, give or take, but by choice and by no means forced to by infections, and if the images fail, oh well, **** happens. I think the most to worry about is identity theft, banking safety etc. If one takes proper precautions we can do all this with success 99.9 percent of the time without incident. IMO if one surfs adult sites, downloads cracks and so forth then goes online banking, well then perhaps one should be paranoid. IMO paranoia is lack of confidence, or at least a mindset.
     
  6. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    System backup images solve the problem of having to remove malware infections and are good for undoing user experiments that don't go as planned, provided that the user keeps their backups fairly current. The problem then becomes when to use them. Daily, weekly, each reboot, as needed? Using them "as needed" gives the user the problem of knowing when one might be needed. Modern malware hides very well. A user can be infected and never know it unless they regularly run rootkit detection software.

    The other problem with relying on backups and images for security is that they offer no real time protection. A user could easily become infected by a keylogger or password stealing trojan between backups and have personal info stolen before they use the backup image. Malware doesn't have to be permanent to be costly.

    Reboot to restore and system backups would be ineffective against another Slammer type worm that infected PCs within minutes of their going online. I seriously doubt that Slammer was a one time oddity that we won't see the likes of again. IMO, a system that relies on system backups or reboot to restore software still needs real time protection to protect it from malware that doesn't get installed to the hard drive, but lives in memory.

    There is no single method of securing a system that doesn't have some weakness. Reboot to restore is vulnerable to short term and memory resident malware. AVs are vulnerable to missed detections. HIPS is vulnerable to user decisions and weak configuration. When they're used together, one's weakness is another's strength. The most effective security systems don't rely on just one line of defense.
     
  7. wat0114

    wat0114 Guest

    Absolutely! That's why I'm also an advocate of application control software firewalls such as Outpost or Jetico for control of outbound traffic, as well as antivirus software.

    This ought to be a sticky somewhere :thumb:
     
  8. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    This is what I am talking about. The impact is INVISIBLE. Since it is invisible, is there really anything to worry about? I guess disk defragmentation has a more noticeable impact, still most people do not care. Additional RAM has a more noticeable impact, still people do not care much.
     
  9. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    I mean my initial statement: "HW firewalls are overestimated a bit". I do not argue that it can stop some traffic and have some impact on system performance. I only want to know that impact expressed in accurate figures, or at least half-accurate figures.

    For example:

    "in the general case a HW firewall saves 0.01-0.02% of CPU resources and 0.0001-0.0002% of RAM resources" or something like this.
     
  10. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    By keeping only Windows + programs on the system drive and all saved data elsewhere, it's very easy to load a clean image, update everything, then re-image, to be reasonably confident of always having a clean baseline to deal with.
    The frequency with which you restore from that image would depend upon a few factors such as the activities undertaken and the technical expertise of the user.
     
  11. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Alex_s, I don't know if this helps or just adds to the confusion?

    I have been using broadband now for just over 5 years using the same Netgear DG834 and Firefox. For most of that time I have NOT run real time AV or AS or HIPS and have only once or twice tested a software firewall. Even when I did run AS or AV they found nothing.

    Perhaps I'm wrong and the hardware firewall is of little use?

    I guess I have to conclude either that:

    (a) the firewall and FF are enough, or
    (b) threats are very much overrated and I have never been attacked,
    (c) threats are real - I have just been lucky,
    (d) some combination.

    Will report back in another five years, but even before BB I had 7 years with dial-up and still couldn't catch a cold.
     
  12. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I would say that although the threats are hyped up, they do certainly exist. However, I'd guess that for the users of forums such as this it's fairly unlikely that most would find themselves too badly hit.

    It's the majority of users running very insecure setups, blissfully unaware of the problems, that are being hit hard. The fact is the security of their data is way down the priority list of the majority of users, well below watching funny videos or playing cool online games etc. The simple truth is elaborate hacking methods aren't required most of the time; simply inviting the user to install the malware themselves via an 'install this codec' prompt or similar works very effectively indeed.
     
  13. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    I think the only way you can be infected with FF or any other browser is to intentionally start something downloaded by FF (or any other browser). The other theoretical way is Flash. There are some exploits demonstrating Flash can be used to execute unauthorised actions (let us take the clipboard exploit as an example).

    Just yesterday I googled to find a "crack" for one program. I didn't really need a crack, it was just out of curiosity, was it really cracked or not. The first two "cracks" I found were true trojans my AV missed, but HIPS immediately reacted when one of them tried to create a dll in system32 and the other tried to create a sys file. At this point both were successfully blocked.

    Could FF and a HW firewall help me? I'm afraid not.
     
    Last edited: Nov 3, 2008
  14. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    This morning I put my hand in a pan of boiling water and noticed that my hand got burned and that the new HIPS program that you had recommended so highly did not protect me.

    You are confusing the possibility of infection with the probability. If you had not gone looking for cracks all would probably have been well. Referring to the original title of this thread, it is not hard to be safe - you deliberately tried not to be safe.
     
  15. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    You have missed the main point. This was just an example of how true content appeared to be not what it pretended to be (cold water appeared to be hot water). Though, even in this case a correct security setup prevented any damage. Actually it can be anything: a new disk defragmenter, new browser, new game, new task manager, new archiver. There is no way to be sure downloaded content is safe until you run it and see its behavior. The other way is to wait until other people test it and say "this is good" or "this is bad". But I do not like to be reliant on others, I regard it as a very inconvenient limitation.
     
  16. wat0114

    wat0114 Guest

    Download content from known, trusted sites, usually the product vendor, and you can be about 99.785% sure it's safe :) Yes, there will be arguments of "the site could be hijacked or DNS poisoning has misled you to a rogue site" ...whatever, but we're talking of infinitesimally small odds here. This common-sense approach has never once failed me.
     
  17. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Then we appear to be missing each other's point. You deliberately went looking for trouble and found it. I deliberately try to avoid trouble and have done so without all the security programs "on sale". Whilst I accept that any new software can be contaminated, I also argue that years of being careful in what I download and from where has so far saved me. If I think there is any real risk I will fire up Shadow Defender, but I am trying to stay OT. The OP is not feeling safe because the risks are being exaggerated rather than because they may do damage.

    Sorry if I'm repeating myself, BUT when was the last time you were contaminated or one of your security programs stopped a danger? Testing doesn't count. How often are you contaminated? Unless you answer last week and on a regular basis, is it not possible that there is less need for security than you think? Hardware firewall and FF is more than enough for most, especially when backed up by something virtual and a few good images.
     
  18. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    I was not looking for trouble, but it appeared that the thing I was looking for cannot be downloaded from a trusted source.
    Two days ago. Also 6 months ago I needed the D7 installer. D7 was abandoned long ago, also you cannot buy it, so again, there is no trusted source to download it from. So I downloaded it from my LAN using P2P and it appeared to be infected.
    I'm not sure this setup is "for most". Most modern users hardly imagine what a "trusted source" is. Moms, dads, children, grandmas. And even those who know sometimes need to get something that cannot be got from a "trusted source". As for backup, there is also one sensitive moment. A full backup erases your data, a partial backup may appear to be not safe. Also managing multiple backups is a bit troublesome and time-consuming.

    OK, now what I am talking about. There is not just a single safe and convenient setup for everybody (including HW firewall + FF). Depending on what a person does with his computer and on how experienced he is, the optimal security setup can differ much. I cannot regard HW firewall + FF as a safe setup for most users because the only security layer in this setup is the user himself, and most users, I'm sure, are just not experienced enough to be a good security layer. For most users HW firewall + FF is the same as built-in firewall + IE.
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    That's why it is a good idea to configure your HIPS programs to reject any executable files being written to the hard drive :thumb: Password protect the app, so for security, deny all and only allow what you think is safe, and before that virus scan it :thumb:
     
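    The rule jmonge describes (deny any executable being written to disk unless the writer is explicitly allowed, with the policy itself password-protected) is the same kind of check that blocked the dll and sys file writes in alex_s's post above. The following is an added Python model of that rule, written for this thread and not taken from any HIPS product; the process names, paths, allowlist and password are constructed. It also covers the locking step: the allowlist cannot be changed until the policy has been unlocked.

```python
"""Default-deny policy for executable writes, in the spirit of a HIPS rule.

Added example, not code from the thread or from any HIPS product. A file-write
event is DENIED if the target has an executable extension and the writing
process is not on the allowlist; anything else is ALLOWED. Changing the
allowlist requires unlocking the policy with a password first. All process
names, paths and the password are constructed sample values.
"""

import hashlib
import hmac
from dataclasses import dataclass
from pathlib import PureWindowsPath

# File types treated as executable code by this toy rule (assumed list)
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".sys", ".scr", ".drv", ".ocx", ".cpl"}


@dataclass(frozen=True)
class FileEvent:
    process: str  # image name of the process doing the write
    path: str     # destination path being created


class Policy:
    def __init__(self, password, allowed=()):
        # Store a derived key, never the password; the fixed salt is for the
        # demo only, a real product would use a per-install random salt.
        self._key = self._derive(password)
        self.allowed = {p.lower() for p in allowed}
        self.unlocked = False

    @staticmethod
    def _derive(password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), b"hips-demo-salt", 100_000)

    def unlock(self, password):
        """Constant-time comparison so a wrong guess leaks no timing information."""
        self.unlocked = hmac.compare_digest(self._derive(password), self._key)
        return self.unlocked

    def allow_writer(self, process):
        """Add a process to the allowlist; refused while the policy is locked."""
        if not self.unlocked:
            raise PermissionError("policy is locked; unlock with the password first")
        self.allowed.add(process.lower())

    def decide(self, event):
        suffix = PureWindowsPath(event.path).suffix.lower()
        if suffix not in EXECUTABLE_SUFFIXES:
            return "ALLOW"  # data files are outside the rule
        if event.process.lower() in self.allowed:
            return "ALLOW"  # explicitly trusted writer
        return "DENY"       # default deny for everything else

    def evaluate(self, events):
        return [(e.process, e.path, self.decide(e)) for e in events]


# Constructed events: two "crack"-style droppers, one trusted installer,
# one ordinary data write and one download with an upper-case extension.
EVENTS = [
    FileEvent("keygen.exe", r"C:\Windows\System32\winhlp.dll"),
    FileEvent("patch.exe", r"C:\Windows\System32\drivers\netfltr.sys"),
    FileEvent("msiexec.exe", r"C:\Program Files\Tool\tool.exe"),
    FileEvent("notepad.exe", r"C:\Users\alice\notes.txt"),
    FileEvent("browser.exe", r"C:\Users\alice\Downloads\setup.EXE"),
]


def demo():
    """Evaluate the sample events under an assumed allowlist of two installers."""
    policy = Policy("correct horse battery", allowed=["msiexec.exe", "trustedinstaller.exe"])
    return policy.evaluate(EVENTS)


if __name__ == "__main__":
    for process, path, verdict in demo():
        print(f"{verdict:5}  {process:12}  -> {path}")
```

    Note that the browser's own download of `setup.EXE` is denied as well: under a deny-all rule the user scans it and then adds the specific writer or file explicitly, which is the "allow only what you think is safe" step in jmonge's post.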