Are software FireWalls necessary??????

Discussion in 'other firewalls' started by Grasshopper, Nov 12, 2003.

Thread Status:
Not open for further replies.
  1. Grasshopper

    Grasshopper Registered Member

    Joined:
    Sep 30, 2002
    Posts:
    77
    Hi all ,
    I've been reading and trying to learn about my computer and the security programs necessary to operate it safely on the web for about a year now ,
    I feel I understand the necessity for Antivirus , Antitrojan and antiworm programs or at least one that covers all the bases.
    Based on reviews ,( a lot of which I found at Wilders but also other places )I am now using NOD version 2 and also the Diamond CS products TDS , Worm Guard and Port Explorer ( I felt the trio package was well worth the money ) I use these products as best I can and with the help of these forums I believe I am very well protected.
    Now my dilemma ,
    I have been reading as much as I can about Firewalls both hardware and software, and find so many people have so many different opinions about what really works , most agree that a hardware firewall works best but if I were to chose to go with a software firewall I'm in big trouble . A lot of what I have read tells me that if I do not know a great deal about how a firewall works (rules making and so on), it would be absolutly usless to me and a waste of money .
    If I were to go with one of the firewalls that set themselves up , it would be the next thing to leaving a door open and I would have a false sense of security and no real protection.

    Are these statements generally true or am I missing something o_Oo_O??


    Thanks for any input .
    Frank.
     
  2. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
  3. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    IMHO you're not safe without a firewall even with an AV and DCS programs.
    A software firewall is a must for protecting unwanted outgoing connections and a hardware firewall (sometimes included in your ADSL modem) keeps your software firewall logs clean from Internet probes. :D
    I use Kerio 2.15 as my software firewall (free) and it has a learning mode, so you won't have to create the rules yourself.
    By looking at those automatic created rules, you will find it easy to modify them and/or create your own.
    Dolf
     
  4. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    some more interesting threads
    http://www.wilderssecurity.com/showthread.php?t=5475;start=0
    http://www.wilderssecurity.com/showthread.php?t=5098
     
  5. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    I probably know enough about Win2K SP4 now to lock it down tight enough that under normal circumstances, I would not need a firewall.
    However, I am human, and as such, I am not perfect. Therefore, I use my brain as my first line of defense and strong security software as an added line of defense. Included in that is a firewall.
    Remember that exploits exist because intelligent programmers were not able to foresee all possible routes of entry that others might use. Unfortunately, security has become more reactive than proactive.
    Ones security practices should be as proactive as possible, but there is nothing with using a firewall as an added layer of defense.
    I still see people posting that they don't need no stinking AV. How wonderful it must be to be so Godlike. :D
     
  6. Grasshopper

    Grasshopper Registered Member

    Joined:
    Sep 30, 2002
    Posts:
    77
    Hi all ,
    Thanks to those who did reply , I appreciate the effort but as I said in my origional post I did do a lot of reading when I could and that reading included the threads posted .
    I know this subject has been hashed over many times but I had hoped there would be something new to add ,I guess not .
    I believe Root is correct when he said our best defence is knowledge , but for someone like myself who does not have all the time needed to gain that knowledge , (weather it's because I don't have enough grey matter or just because my time is taken up by things I consider more important ) It can be frustrating .
    I will continue to read (time permiting) and hopefully some day I will be able to help myself and possibly even someone else . We may never get close to a black or white answer to this question but sooner or later I'll gain the knowledge needed to use some of the better firewalls out there. Until that time I'll have to keep looking for answers from those who are more adept than I am at such things

    Thanks again,
    Frank
     
  7. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    I don't think either of these statements are generally true. I trialed four firewalls and settled on one (more on that in a minute). The experience taught me that firewalls can be terribly complicated (to the point where I wonder how an expert could recommend using one to a novice) or very easy.

    An example of the latter would be Zone Alarm or Zone Alarm Pro. The fact that you've deliberated on AV's and AT's demonstrates that you've got more than enough brains to use this firewall. Is it so simple that it is ineffective? Clearly, no. There are detractors of every FW here at Wilders, but there are also plenty of folks (more clever than me) that rely on ZA. As far as I know it even does very respectably against most leaktests - if you believe such tests are useful.

    During my trials, I found a couple of firewalls that were either too complex for me or too much of a burden. I settled on Outpost because it presented a learning curve that I was comfortable with. Above all, that is the criteria I would recommend to you; try a bunch and pick one you think you can learn to use and understand in a reasonable amount of time.

    In the end, I have learned in a few months far more about security from observing how my SW firewall works (reviewing logs, etc.) than my AV, AT, router, etc combined. Even if your SW firewall isn't effective (not likely, IMO) the knowledge you'll gain will be well worth it.

    Regards
    Optigrab (no genius, me) :p
     
  8. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Are we talking about No antivirus at all, or just no on access antivirus?

    If the later, you can consider me godlike. Heck you can even consider My Dad who doesn't know much about computers godlike. :)

    Come on, live a little, what's the worse that can happen? Excessive reliance on software can lead to a false sense of security...
     
  9. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    The worst that can happen is that you will need a new motherboard if you get a virus like Chernobyl.
    That old crap about excessive reliance is weak. It is not the exploits one knows about that poses the most danger, it is the new ones that we don't know about. An AV can react much faster than an operator can if something starts messing with your machine.
    Because I have an AV and Firewall running on my machine, please do not insinuate that I am dropping my guard and computing recklessly.
    If you or anyone else wants to use the net without a resident AV, that is your call. Please remember many new people visit boards like this and do not have the knowledge to secure their computers without the help of security software. By giving someone the impression they are lame if they use security software running resident, that it is wrong, useless, or leads to dependance on programs, is to do a disservice to those that need protection the most.
    I come here to learn and to help others learn how to use computers safely and still have fun. That last impression I want to give someone coming to this board looking for help is that they will become dependant on some security software if they use it in a proper manner.
     
  10. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Oh, so you are now hoping your AV is godlike... Yeah that's so likely.

    That was not directed at you just a general observation of people who blindly trust their AV and open obviously suspicious attachments which their AV have cleared.

    Obviously, but my reply was to YOU, It's a personal call really about security, but given that I know relatively little and I have surivived all these years without problems, I submit you can certainly surive for a while at least before some virus destroys your mother board without being godlike. :)

    You might be too paranoid (okay have a low apetite for risk) to do so, but do not think it's impossible to surivive without running a zillion software.

    There is no danger of that here. If anything, there is an over-reliance on software without any understanding.
    When people make statements like how they surivive without x,y,z it is always in the context of the user being relatively knowledgable or careful.

    How many times have you seen someone post a thread about "how strong his defence is" when he is running AV,AT,Software firewall, hardware firewall, antispy, sandbox etc and asking for more?

    There is certainly no danger of using too little software there!

    If anything I think Wilder's has done many members a much larger diservice by implying that downloading and using security software without the least bit of understanding is all that is needed to secure your computer!

    A newbie who has being recently converted to the idea of security should not be encouraged to go on a download/purchasing binge!

    People download the latest and coolest stuff, without having a least bit of undertstanding what they are doing does not lead to more security.

    .
     
  11. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    JayK,

    We are not in the habit of advizing anyone to install software without making sure they know what they are dealing with, and how to handle software. Just setting the record straight here.

    regards.

    paul
     
  12. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    :) To answer the original question of this thread: "YES!"

    But really it's up to you. I know a guy who is a PC geek who never uses anything except a process monitor. He has no Security applications at all, but that's him. He's extremely good at it. I have a lovely recent example of what happens without a firewall.

    For years my ISP (which is part of AT&T) advocated that their clients not use any kind of firewall. They did not use one either. Well, the newest worms caught them with their pants down, shutting the entire network down for about six hours. It cost them big bucks. They are now using a firewall. And, more importantly, especially to me, they have stopped complaining that I use both a hardware and a software firewall!

    In the end it's up to you. Most of the people I know who are using security applications have had the bad experiences to back it up. Those who have not will grow. It's only a matter of time. ;)
     
Loading...
Thread Status:
Not open for further replies.