Do you need a software firewall?

I have a hardware firewall with SPI (inbound protection), Vista 32 with Window's firewall enabled, NOD32 v3, and PrevX 2. Do I need a software firewall (other than window's version) with the aformentioned configuration? I always wonder if I need a professional grade software firewall running or not.... Am I protecting my pc enough?

 

Yes you need one.

http://www.matousec.com/

 

While Matousec is an interesting read, I sometimes feel like I am watching an old Certs breath mints commercial. Remember? "A sparkling drop of Retsyn"? "Retsyn" was supposedly nothing more than vegetable oil. Likewise, "leak tests" leave me with the feeling that I'm being sold a problem in order to create a solution.

I suggest that you go run Shields-Up and test for yourself.

I do run a software firewall myself, though, mostly because I like the ability to easily block (and detect) outgoing connections, and for the visibility (and blocking) of UDP incoming connections.

 

The answer depends on what you are looking for. If you look for a max security, then you can get those tests that are available at matousec and run them against your set of software. In case your set fails some tests, then your system cannot be called protected. It's just plain simple. If you don't care about max protection, you can live for ages without it and be happy.

 

Your hardware firewall provides inbound protection; a software firewall would add outbound protection.

So ask yourself: are youre concerned over applications connecting out?

 

So true. Twice a software firewall has protected me.

 

I have two hardware firewalls, one on our router and another on our modem. I'm guessing if anything gets through the modem, they then have the router to contend with. Then, they'll hit Windows firewall.

Then, getting through all that, there's two layers of virtualization sandboxes to get through, in the meantime dealing with my av/as software. I think that's enough.

I don't download email or much else but various types of security software to play with and them only from reliable sites, and I have several backup images in case anything does succeed.

 

Hi,

It all depends upon what you have in the box needing a protection.

If yours is merely a surfing machine, nothing valuable to worry about. Then your current setup is more than enough. Why bother with painful rule configurations and annoying pop ups.

On the other hand, if you have something that you ought to do the best to stand guard, then you need to consider good quality firewall, but not necessarily a paid ware. There are more than handful of excellent free firewalls around here. Just pick the one you like, and it will faithfully guard your interests. Good luck.

 

Or, encrypt anything important, such as tax info, business dealings, etc. I do that and keep the files on a separate HD and on CD.

 

This is like "to pay or not to pay for air bag" or "to pay or not to pay for crash-tests". Just drive carefully and you will not need any air-bag or a car with good crash-test results. But ... but .. is there a guarantee you'll always be carefull enough ?

 

There is no 100% guarantee, short of disconnecting your computer from the Internet. In conjunction with what I have on and attached to this computer, I trust the computer between my ears and avoid as much as possible what are considered dangerous sites. There's nothing on them I want or need anyway, so no need to even think about visiting them.

 

Its not just dangerous sites. I downloaded a simple screen saver awhile ago and it was packaged with some trojan. After I installed it I had 3 apps trying to gain access to the internet. My software firewall at the time ( Comodo 2.4) stopped it dead. I then ran a spyware scan and SAS found everything. I downloaded this screen saver from a known good site. Wincustomize. So there is proof a software firewall is worth it.

 

Control over outbound traffic is useful if you're concerned about apps or your system phoning home. It can also serve as a last line of defense against malware or adware connecting out, should you get compromised. Getting compromised doesn't mean that something broke thru your defenses. More often than not, it's a direct result of something the user clicked on, opened, or chose to allow.

Regarding that sites use of "leaktests" to compare firewalls, that's is one of the more worthless ways to compare firewalls. Leaktests were not designed to be comparison tools and were definitely not intended to be advertizing gimmicks. Using leaktests in this manner is a disservice to users who don't understand how they work. Leaktests are best used to tune and strengthen a firewalls configuration, not to compare them.
Rick

 

My vote is NO, you don't need one...

 

Considering what you already have running for security, an outbound
firewall is pretty much worthless for you, IMO. What's to say all the
"leaks" have been discovered? Naturally, someone can keep piling on
security software in the hopes of covering every obscure possibility,
but when the probability of successful attack approaches zero, it's
time to stop.

 

Outbound protection is overrated I think. It stops legitimate programs from calling home, which isn't always bad news. It may provide update alerts etc. With leaktests, unless it is a full behavior blocker, most of the time it is a blacklisting effort.

 

IMO, if you can't/don't want to write rules for a firewall you should:
- Stick to basic inbound protection (XP/Vista firewall) which is useful when you aren't behind your router (i.e. laptops) or a host in your home network is infected.
- Use a firewall with a big whitelist (NIS for example).

 

I have to agree there... it has become somewhat of an obsession with some folks in recent times... but I can't help but think it's hugely overrated in most practical situations...

 

Not always bad news, so it could be bad news sometimes? I don't care what anyone says. If a program requires outbound access, I want to restrict it on how it connects and where it connects to. I want to know if it is "calling home", how often it calls home, and its reason for calling home. If I decide all three parameters are legitimate, then I will keep the program, otherwise anything it does to trigger my suspicion is grounds for its immediate removal.

Since I don't install silly screensavers, freebie games, ad-infested file sharing programs and other dubious programs, this is usually not a concern for me. Still, I want to know what is going on under the hood and have the means to control traffic. Outbound filtering affords this additional traffic control that inbound-only firewalls don't.

Go ahead and label me as paranoid, but it sure beats being complacent.

*EDIT*

Sorry, apathetic is too strong an adjective. Changed to "complacent"

 

No need to go to either extreme. A little common sense goes a long way...

 

Outbound only blocks what you tell it to block. For me, just muting WMP is worthwhile.

 

I'd like to present my point of view on this. While a software firewall isn't mandatory in your situation, you might need at some point a good outbound protection. I agree that a well written rootkit or some clever malware will get past a software firewall easily. However, there are few well written rootkits . Of course a software firewall wil not protect you 100%, but it's much better than 0%.
Let me tell you about an experience I had. I'm usually a paranoid person (sometimes maybe too paranoid), but inspite of all precautions I took, one time I managed to run myself a rootkit on my computer (I downloaded the exe from a trusted source, and I also scanned it, so I was convinced it was clean - big mistake). At first, I didn't notice anything, but by checking the status screen of my firewall, I noticed some suspicious traffic and a suspicious process. I removed the rootkit promptly. In case you were wondering, the firewall was Sygate (which has some very poor results in leaktest - but I don't use it with default settings). So, to draw a conclusion, in some cases, even a firewall with weak outbound protection can save your data.

 

Outbound control overrated? When one malicious outbound connection carrying sensitive financial info can clean you out, how can it be overrated? On a neighbors PC, we caught a password stealing trojan with a firewall. Convinced him to call his bank since he'd recently started banking online. He was lucky. They were accessing his account when he called. It happens more than people want to admit. I would hope those here who think outbound control is overrated don't have to become victims before they decide otherwise. AVs and detection apps fail at times. Malware gets missed. Users make mistakes. Don't underestimate the importance of that last line of defense.
Rick

 

Sorry herbalist, but I'll be convinced when your neighbor uses that firewall to catch that trojan by himself.

 

I think you do get the occasional case where something was caught by the firewall. But the host based application firewall is more of a toy for security conscious consumer class users. I use one and like most other users here, just to keep a tab on what is connecting out. But it is not a part of a 'layered' defense for me.