Do you need a software firewall?

Discussion in 'other firewalls' started by Killtek, Dec 7, 2007.

Thread Status:
Not open for further replies.
  1. Killtek

    Killtek Registered Member

    Joined:
    Feb 22, 2007
    Posts:
    100
    I have a hardware firewall with SPI (inbound protection), Vista 32 with Windows Firewall enabled, NOD32 v3, and PrevX 2. Do I need a software firewall (other than Windows' version) with the aforementioned configuration? I always wonder if I need a professional grade software firewall running or not.... Am I protecting my PC enough?

    o_O
     
  2. Vettetech

    Vettetech Former Poster

    Joined:
    Nov 24, 2007
    Posts:
    339
  3. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    While Matousec is an interesting read, I sometimes feel like I am watching an old Certs breath mints commercial. Remember? "A sparkling drop of Retsyn"? "Retsyn" was supposedly nothing more than vegetable oil. Likewise, "leak tests" leave me with the feeling that I'm being sold a problem in order to create a solution.

    I suggest that you go run Shields-Up and test for yourself.

    I do run a software firewall myself, though, mostly because I like the ability to easily block (and detect) outgoing connections, and for the visibility (and blocking) of UDP incoming connections.
     
  4. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    The answer depends on what you are looking for. If you are looking for max security, then you can get those tests that are available at matousec and run them against your set of software. In case your set fails some tests, then your system cannot be called protected. It's just plain simple. If you don't care about max protection, you can live for ages without it and be happy.
     
  5. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Your hardware firewall provides inbound protection; a software firewall would add outbound protection.

    So ask yourself: are you concerned over applications connecting out?
     
  6. Vettetech

    Vettetech Former Poster

    Joined:
    Nov 24, 2007
    Posts:
    339
    So true. Twice a software firewall has protected me.
     
  7. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    I have two hardware firewalls, one on our router and another on our modem. I'm guessing if anything gets through the modem, they then have the router to contend with. Then, they'll hit Windows firewall.

    Then, getting through all that, there's two layers of virtualization sandboxes to get through, in the meantime dealing with my av/as software. I think that's enough.

    I don't download email or much else but various types of security software to play with, and then only from reliable sites, and I have several backup images in case anything does succeed.
     
  8. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi,

    It all depends upon what you have in the box needing a protection.

    If yours is merely a surfing machine, nothing valuable to worry about. Then your current setup is more than enough. Why bother with painful rule configurations and annoying pop ups.

    On the other hand, if you have something that you ought to do the best to stand guard, then you need to consider a good quality firewall, but not necessarily a paid ware. There are more than a handful of excellent free firewalls around here. Just pick the one you like, and it will faithfully guard your interests. Good luck.
     
  9. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    Or, encrypt anything important, such as tax info, business dealings, etc. I do that and keep the files on a separate HD and on CD.
     
  10. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    This is like "to pay or not to pay for air bag" or "to pay or not to pay for crash-tests". Just drive carefully and you will not need any air-bag or a car with good crash-test results. But ... but ... is there a guarantee you'll always be careful enough?
     
  11. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    There is no 100% guarantee, short of disconnecting your computer from the Internet. In conjunction with what I have on and attached to this computer, I trust the computer between my ears and avoid as much as possible what are considered dangerous sites. There's nothing on them I want or need anyway, so no need to even think about visiting them.
     
  12. Vettetech

    Vettetech Former Poster

    Joined:
    Nov 24, 2007
    Posts:
    339
    It's not just dangerous sites. I downloaded a simple screen saver a while ago and it was packaged with some trojan. After I installed it I had 3 apps trying to gain access to the internet. My software firewall at the time (Comodo 2.4) stopped it dead. I then ran a spyware scan and SAS found everything. I downloaded this screen saver from a known good site, Wincustomize. So there is proof a software firewall is worth it.
     
  13. herbalist

    herbalist Guest

    Control over outbound traffic is useful if you're concerned about apps or your system phoning home. It can also serve as a last line of defense against malware or adware connecting out, should you get compromised. Getting compromised doesn't mean that something broke thru your defenses. More often than not, it's a direct result of something the user clicked on, opened, or chose to allow.

    Regarding that site's use of "leaktests" to compare firewalls, that is one of the more worthless ways to compare firewalls. Leaktests were not designed to be comparison tools and were definitely not intended to be advertising gimmicks. Using leaktests in this manner is a disservice to users who don't understand how they work. Leaktests are best used to tune and strengthen a firewall's configuration, not to compare them.
    Rick
     
  14. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    My vote is NO, you don't need one...
     
  15. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    Considering what you already have running for security, an outbound firewall is pretty much worthless for you, IMO. What's to say all the "leaks" have been discovered? Naturally, someone can keep piling on security software in the hopes of covering every obscure possibility, but when the probability of successful attack approaches zero, it's time to stop.
     
  16. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Outbound protection is overrated I think. It stops legitimate programs from calling home, which isn't always bad news. It may provide update alerts etc. With leaktests, unless it is a full behavior blocker, most of the time it is a blacklisting effort.
     
  17. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    IMO, if you can't/don't want to write rules for a firewall you should:
    - Stick to basic inbound protection (XP/Vista firewall) which is useful when you aren't behind your router (i.e. laptops) or a host in your home network is infected.
    - Use a firewall with a big whitelist (NIS for example).
     
  18. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    I have to agree there... it has become somewhat of an obsession with some folks in recent times... but I can't help but think it's hugely overrated in most practical situations...
     
  19. wat0114

    wat0114 Guest

    Not always bad news, so it could be bad news sometimes? I don't care what anyone says. If a program requires outbound access, I want to restrict it on how it connects and where it connects to. I want to know if it is "calling home", how often it calls home, and its reason for calling home. If I decide all three parameters are legitimate, then I will keep the program, otherwise anything it does to trigger my suspicion is grounds for its immediate removal.

    Since I don't install silly screensavers, freebie games, ad-infested file sharing programs and other dubious programs, this is usually not a concern for me. Still, I want to know what is going on under the hood and have the means to control traffic. Outbound filtering affords this additional traffic control that inbound-only firewalls don't.

    Go ahead and label me as paranoid, but it sure beats being complacent.

    *EDIT*

    Sorry, apathetic is too strong an adjective. Changed to "complacent" :)
     
    Last edited by a moderator: Dec 8, 2007
  20. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    No need to go to either extreme. A little common sense goes a long way...
     
  21. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    Outbound only blocks what you tell it to block. For me, just muting WMP is worthwhile.
     

    Attached Files:

    • WMP.jpg
  22. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I'd like to present my point of view on this. While a software firewall isn't mandatory in your situation, you might need at some point a good outbound protection. I agree that a well written rootkit or some clever malware will get past a software firewall easily. However, there are few well written rootkits :). Of course a software firewall will not protect you 100%, but it's much better than 0%.
    Let me tell you about an experience I had. I'm usually a paranoid person (sometimes maybe too paranoid), but in spite of all precautions I took, one time I managed to run myself a rootkit on my computer (I downloaded the exe from a trusted source, and I also scanned it, so I was convinced it was clean - big mistake). At first, I didn't notice anything, but by checking the status screen of my firewall, I noticed some suspicious traffic and a suspicious process. I removed the rootkit promptly. In case you were wondering, the firewall was Sygate (which has some very poor results in leaktest - but I don't use it with default settings). So, to draw a conclusion, in some cases, even a firewall with weak outbound protection can save your data.
     
  23. herbalist

    herbalist Guest

    Outbound control overrated? When one malicious outbound connection carrying sensitive financial info can clean you out, how can it be overrated? On a neighbor's PC, we caught a password stealing trojan with a firewall. Convinced him to call his bank since he'd recently started banking online. He was lucky. They were accessing his account when he called. It happens more than people want to admit. I would hope those here who think outbound control is overrated don't have to become victims before they decide otherwise. AVs and detection apps fail at times. Malware gets missed. Users make mistakes. Don't underestimate the importance of that last line of defense.
    Rick
     
  24. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Sorry herbalist, but I'll be convinced when your neighbor uses that firewall to catch that trojan by himself.
     
  25. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    I think you do get the occasional case where something was caught by the firewall. But the host based application firewall is more of a toy for security conscious consumer class users. I use one and like most other users here, just to keep a tab on what is connecting out. But it is not a part of a 'layered' defense for me.
     