Firewall, or No firewall, that is the question....

Discussion in 'other firewalls' started by papasmurf, Jul 15, 2010.

Thread Status:
Not open for further replies.
  1. papasmurf

    papasmurf Registered Member

    Joined:
    Jul 4, 2010
    Posts:
    28
    Location:
    Pacific Northwest USA
    Please excuse the Shakespearean pun....but I am now wondering if I need a software
    firewall at all.
    I am behind a router. I have been told that a router is a hardware firewall.
    In fact, just about any test I do for my system does not show my systems actual IP,
    making the test results questionable at best.

    So, I am left wondering if I really need the software firewall at all.
    Yes I do run AV software..that is a must. I also have MBAM, but have had no real need to
    run it with firefox and assorted addons...
    Any opinions on this would be appreciated.
    Thank you.
     
  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,787
    The day I bought my router and dropped software firewalls for good was one of the happiest days of my internet life. That was about 5 years ago. No more buggy software, no more worries. Some people still like to try to catch and/or control outbound traffic, some don't. That's up to you.... But the router covers inbound better than anything else, and without any load on your machine.
     
  3. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    Seat belt or no seat belt? Don't need one if you never have an accident. Don't need an antivirus, firewall, image, or any type of security or backup if you don't have accident. Compute safely and trustfully :) .

    SourMilk out
     
  4. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    The modern routers have NAT and excellent Linux based SPI firewalls with DDoS protection, you have absolutely no need to double filter here and save those CPU cycles for some other productive work.
     
  5. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    What if the router has some kind of hardware failure that makes the firewall part of it non-functional? Wouldn't it be better to have at least the Windows firewall on, just in case? Of course, chances are router hardware failure will mean no Internet connection at all, but you never know.
     
  6. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    Yes, just turn on Windows Firewall, you won't even notice it's there. Don't bother with any 3rd party firewall.
     
  7. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    +100% Agree!!! :thumb:

    -No more Software FWs.
    -NAT/SPI Router (+) Windows 7 FW
    have been more than enough.
     
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,787
    That's not going to happen. A NAT router would stop passing traffic altogether if anything failed. All you need is NAT.
     
  9. T-RHex

    T-RHex Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    97
    Note about the replies of Espozito and funkydude above: the OP is using WinXP (at least, according to his sig), so the Win7 firewall won't help much. For WinXP there's no point in turning on the firewall if you have a router since WinXP's firewall is inbound only and that's what your router is already doing.

    This has been brought up many times in the forum, so check out other threads for similar advice. There are also several threads discussing the use of add-on software security vs. built-in features of the OS; they're worth checking out.

    I only caution that an outbound firewall (which WinXP firewall is not) can be a last line of defence against a trojan that your AV doesn't catch. It's worked for my family (ie. "non-advanced" surfers) before I learned about LUA, SRP, virtualization, sandboxing, ...

    No, I'm not saying you *need* a software firewall. Other measures will protect you (LUA, SRP, for example) but if you don't have those in place and you're using an Admin account, personally I would strongly recommend a software firewall. In the event you get a trojan on your PC, nothing is stopping it from connecting out (not even your router).

    And some will argue that firewalls aren't bulletproof either, listing leak tests etc. That's why you get an AV from one place and a firewall from another: you hope what one doesn't catch the other will.

    And you can surf as safely as you want, but that doesn't help when a "trusted" site has been compromised (which has happened).

    Quite a few posters on the forums here are turning to no-AV, no-firewall setups, but they've spent a lot of time learning about such things as LUA and SRP. So don't just take anyone's word on "do this" or "don't do that": they're not taking your level of experience and system knowledge into account.
     
  10. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,133
    Location:
    USA
    .
    tr0security pretty much expressed my opinion about it. I would only add that a software firewall enables you to easily monitor network activity on the system while the router firewall does not.
     
  11. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Very, very, very true. :thumb:
     
  12. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Windows 7 or XP is not the issue.
    A NAT/SPI Firewall (within the Modem Router) is the reason for ditching Software Firewalls.
    That's the issue.
     
  13. Allen L.

    Allen L. Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    335
    Location:
    -Close-
    If you must use a firewall then use the old Kerio Personal v2.1.5 as is not all that great at screening the 'incoming' but is damn good, and in bare configuration, at letting you know *everything* that 'requests' outgoing IMO.

    Resource use is nil.

    :)
     
  14. T-RHex

    T-RHex Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    97
    I was just clarifying for the OP that there's a difference between using XP's firewall and Win7's: XP's doesn't provide outbound protection, whereas if you're using Win7 then you will get outbound protection. So while "NAT/SPI Router (+) Windows 7 FW" might be more than enough, "NAT/SPI Router (+) Windows XP FW" is not the same level of protection (also that with a router, using the WinXP firewall gains nothing).

    I agree with using a NAT/SPI Router w/Firewall, but just having one is not the sole reason for ditching a software firewall.

    I also agree about Kerio 2.1.5 (with BlitzenZeus' setup). Very light firewall that I used for years.
     
  15. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,787
    Kerio was one of the great classics yes, but I think you've got it backwards. Kerio does fine with inbound, however, it wouldn't hold up on outbound against most of the modern day firewalls with HIPS etc.
     
  16. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    -When I had a Dial-Up Modem (my OS was XP), I used some software FWs.
    From the time I switched to a NAT/SPI Modem Router (my OS was XP),
    I set my PCs free from any software FW.
    -About Kerio 2.1.5:
    I would prefer using a modern FW (Comodo, OA, Outpost etc.)
     
Loading...
Thread Status:
Not open for further replies.