Firewall-new or old one ?

Discussion in 'other firewalls' started by Perman, Sep 26, 2007.

Thread Status:
Not open for further replies.
  1. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi,. folks: I am often disturbed by the notion that newer firewall in fact provides better protection. But from what I have heard here and other forums, more than few of those new innovations are actually causing headache/stomach ache for many users. So what you think if an old rag firewall is still capable of protecting your daily interest, is there any urgent need to replace it ? if so, what will be the criteria to do so ?
     
  2. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Most new firewalls these days are firewall/hips/anti spyware and just about contain everything including the kitchen sink.The actual firewall isnt really any different to old versions.
    ellison
     
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    If a firewall closes (or better yet stealths) your ports then its good. And if you dont care about old/new then just use a firewall that works.
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,785
    Depends on whether you're talking bout inbound or outbound protection to some degree. For inbound, as long as you're covered against incoming traffic that you don't want, then you're ok. Outbound is another story, as all the various firewalls cover outbound in varying ways and degrees. The newer ones tend to include more HIPS-like features also. So you need to determine what you're most concerned about...
     
  5. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    It depends on the firewall.
    Kerio users have been recommending version 2.15 over newer versions for a long time.
    If you're old firewall stealths you, why not keep it?
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Perman,
    It would depend on the definition of "firewall".

    A lot of users, due to publish of such as "leaktests" now want a firewall to protect against these possible outbounds. It can be said that a firewall should be able to this, as a firewall should control any type of outbound, by any method.

    For example, there are still many users of Kerio 2, I have used this myself and would actually have no personal problem using this now, I would just add an HIPS which is current.

    You must have some concern about your current firewall? May I ask which you are using at the moment?
     
  7. SoCalReviews

    SoCalReviews Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    282
    Location:
    Los Angeles, CA
    Much of the hype is really about marketing new features to the consumer. I have set up many PC systems with only the Windows XP or Vista firewall, a NAT router, good anti-virus and good anti-spyware programs and those systems seem to run secure and trouble free. I have installed older free firewalls with the same AV and AS software on PC systems with the same results. I also use the "new" firewalls and integrated firewall with anti-malware solutions and have had the same great results for PC security. If your current security solution works well for you then you shouldn't feel tempted to change just because of the marketing hype you read.

    Another reason for the hype is that the security software industry has moved towards integrated solution based security in recent years to provide simple all in one subscription based solutions to the common user. Although I am not a big fan of the MS Vista operating system (mostly because of backward software compatibility issues) I do think that it is a step in the right direction regarding its security features. I think it is just a matter of time before more of the security features that you purchase individually or in suites become more effectively integrated into the operating systems and other security hardware such as the NAT routers and modem/routers.

    The move from individualized separate security software toward security suites was just the first step in the evolution of security solutions. Some might not want believe it but I think that the days of traditional PC "security software solutions" is numbered. We will be seeing more hardware solutions with subscription based security in the near future. Many of these changes are already happening at the ISP level (security software packages, subscription security software installed in the router/modem hardware or located on their servers) as they offer security solutions including anti-virus, anti-spyware, spam-filtering, etc.. to their customers. As multi-media set top boxes, gaming and entertainment systems running non-Windows operating systems become more common you will see a even more of this movement away from the software based security solutions that are currently marketed to the PC users.
     
    Last edited: Sep 26, 2007
  8. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Thanks so much for the inputs so far, I am sure there will be more to pour in. I hope this thread interesting enough to draw folks' views in any possible perspectives. Stem, to answer your kind question: I am using Mcafee Desktop Firewall 8.5 right now. Its life of circle will end on October 31, 2007. We are advised to upgrade it to HIPS 6.1 My big boss is still skeptical of extra expenditure. My main concern right now is this: After that cut-off date, will my firewall be able to protect me. If not, I can always go back to Sunbelt personal firewall 4.5.916, which apparently did not pass leak test, but OK with anti-hook test by mousesk. Since you are an expert in this area, can you share some of advices ?Thanks.
     
  9. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Sadly, you may be right about that. :'(
     
  10. SoCalReviews

    SoCalReviews Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    282
    Location:
    Los Angeles, CA
    My view about this change for security software is based on thirty years of experience studying about or working in the computer industry. In a strange way I still sort of miss the days of programming in FORTRAN and PASCAL on mainframe computers in the early 1980's when I was studying computer science in college. I have yet to be proven wrong about various predictions that I have made about the computer industry since then. While working in corporate sales and business account tech support in the early to mid 1990s for an ISP I remember telling some of the others in my department that dial-up and ISDN would be thing of the past in the very near future as cable and the "new" digital signal technologies (now known as DSL) would soon become the standard. I know that these predictions can seem very obvious but it is surprising how much we as enthusiasts to hold onto the past even in a field that changes as fast as it does with computer and internet technologies.

    In the past year I have found myself using non-Windows based systems (Linux based PCs, advanced cell phones, PDAs, new Macs, and even gaming systems such as the PS3, Wii, XBox 360) more and more for internet access that I used to use only the Windows PC for. Meanwhile I mostly use the Windows PC for using older Windows applications for work and home use. This is why the companies marketing applications such as software firewalls, security suites, etc. need to make sure they keep the loyalty of their customers. The marketing of new features in their products along with better deals for subscriptions is one of the ways they are trying to do that. I didn't mean to detour too much off the main question in this thread about the need to change to "new" software firewalls and security solutions but this is all directly related to understanding the marketing that security companies are using to influence PC users.
     
    Last edited: Sep 26, 2007
  11. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    You remember the UCSD invention? Boy, do I feel old.

    But going back to the original question, many newer firewalls have morphed into more than just data stream filters. These new changes tend to interfere with other processes in the PC. I don't think you need to replace an old program just because it is old. Unless it becomes vulnerable and it is shut down and no longer controls the data communications within your PC, then I would say it is time for it to be replaced. PC security is a changing landscape so you should stay abreast of current trends and make changes as necessary.
     
  12. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    When it comes to firewalls...I think you are on to something. I believe older generally has worked better. That has been my experience. There are exceptons of course particularlly I see this with others. My experience older is better in firewalls.

    AVs on the other hand I think have progressed very nicely. Silently working in the background covering more and more malware not just the traditional virusware.
     
  13. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    I agree. ;)
     
  14. SoCalReviews

    SoCalReviews Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    282
    Location:
    Los Angeles, CA
    I actually liked programming in FORTRAN much more than PASCAL. One thing I don't miss are those 8+ hour continuous terminal sessions trying to debug the code after a week of writing it. Although I have been involved in the computer industry for a long time I have only recently (a few years) been involved volunteering my knowledge to both contribute to help other computer users and keep updated by reading these forums. I basically agree with your analysis about the newer firewalls. Adding to what you said about the new security software interfering with other PC processes, I actually have spent more time in the past five years having to deal with problems that were directly attributed to security software installed Windows based PCs than any problems created by malware or security breaches. The list PC of problems I have seen directly created by "security software" has been amazing. This would be great topic for an entire thread. If you find a set of security software that works for you then stick with it. If you need to change due to the end support or updates for a particular version then forums like this are a good place to look for other software solutions.
     
    Last edited: Sep 27, 2007
  15. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Newer firewalls tend to be updated more frequently. IMO...a currently supported, currently updated firewall is almost as important as maintaining an updated antivirus program.

    Some firewalls out there, especially the more popular ones, have had exploits against them..which can disable/corrupt/shut them down. Heh...without a NAT router...now you're screwed. Only one or two minutes with your PC on a public IP address...unprotected..might as well grab your XP cd and start formatting it right now.

    Currently supported firewalls will have updates to fix those exploints/vulnerabilities.
     
  16. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    YeOldStoneCat,
    Using your approach a properly configured Kerio 2.15 would be in big trouble. o_O :doubt:
     
  17. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    I don't wish to get into a "brand of the week"/favorites debate....I'll just say that it is a fact..that without naming brands, some of the more popular software firewalls have had exploits which specifically targeted them, and knocked them out. I clearly recall malware in the past that was capable of taking advantage of a vulnerability in certain software firewall brands..and could render them useless...thus the machine, if not behind another firewall like NAT...well, open to rape.

    Malware usually targets the most widely used names. Logic dictates those brands which are not widely used, are less likely to be targeted by certain malware.
     
  18. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    All security software is a target to be turned off or damaged by malware so systems can be exploited. Old Kerio is very popular and many knowledgable ones have stuck with it for years and years. Calling it brand of the week o_O

    By the way, I am a big believer in using a NAT Router too but this involves more money and complexity for single PC families. It is a shame to have to impose this on them to be secure. :(
     
  19. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,697
    Hello,
    The network infrastructure and protocols have not changed in the last ... lots of years. So old firewalls - as packet filters and traffic monitors - are as equally good as the new hips-boosted toys. I don't like the all-in-one privacy-kidney-protection-underactive-module stuff, so I'd say go with simple, old, light pure firewalls.
    Mrk
     
  20. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    My thinking too!
     
  21. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Not to stray too off the beaten path, but that is nothing compared to the LONG lines to have to wait to submit your punched card deck to the card reader machine. And then to find out that you punched the wrong entries on the card and start the whole thing all over again. o_O :mad: :rolleyes: :thumbd:
    Imagine if submitting your Internet access commands was like that, a TON of people would stop using computers pronto. LOL :thumb:
     
  22. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Well I have used the same firewall on an old PC since I got it back in 1999 (with no router) and anytime I got a BSOD, it usually was the AV that was responsible for it and never the firewall. It still uses Windows 98 and I have never had a "security breach" from using the machine. I guess I must be pretty lucky that no one has targeted me? :cool:
     
  23. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Absolutely agreed. Such as MS products. Personally, I never thought that whoever decided that IBM and MS were to be the defacto standards had enough brain cells. :p ;)
     
  24. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Yep, and the more of that mediocre vs stand alone crap you stuff into your firewall the more chance of problems. :thumb:
     
  25. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    I wasn't directly talking about Kerio....I meant, to stay away from all the fanboy pitches for their favorite firewall...as were sure to say "well MINE hasn't", etc.

    IMO having NAT isn't necessarily more money, or more complex. For one....most DSL/Fiber ISPs, have been shipping gateway appliances with their package. So when many people say "I just have a DSL modem"...pointing to the Speedstream or 2Wire or Westell, it's often indeed a router..they just don't know it.

    Cable ISPs are pretty much the only ones I see now that don't ship routers with their package.

    No need to purchase some internet security suite can be a savings. Sure a few "sharper" users here will point out free products..but we know the "average user" out there is purchasing the expensive, bloated, system performance life sucking suites out there.

    PC performs better without those suites.

    PC has a chance at a healthier life....less likely to pickup "bad stuff"...so the savings goes to the user in that they don't have to drop it off at the local computer shops for "repair/cleaning" as often.

    PC doesn't need the software that some ISPs ship with their product..which often causes problems, hampers performance, sometimes requiring them to have at tech work on it..more money.
     
Loading...
Thread Status:
Not open for further replies.