Firewall Unnecessary?

Discussion in 'other firewalls' started by LenC, Aug 30, 2008.

Thread Status:
Not open for further replies.
  1. LenC

    LenC Registered Member

    Joined:
    Jul 25, 2006
    Posts:
    846
    Location:
    CT, USA
    I was reading a column in which the author stated you don't really need a software firewall if you are using an NAT enabled router.

    Comments on that?
     
  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543

    The author is correct if we're talking about straight up inbound attacks, routers are much better at that than software firewalls. A big however though comes into play when we start talking about malware/viruses and, sometimes, not so malicious but a bit "shady" programs that start wanting to "call home". Routers won't stop that where a software firewall (or HIPS if you're so inclined) will, it's called outbound control. If you keep your system clean of shady programs and malware/viruses, then no, a software firewall IMHO is not necessary behind a router. If not used for outbound control it becomes another process just taking up the CPU and memory, not to mention space on the harddrive.
     
  3. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Neither router nor firewall, nor proxy (and even if you combine them altogther) will save you against the hidden internet tunnel. Most endpoints seem to be intercepted or sort of infected and in this case there is no escape.
     
  4. LenC

    LenC Registered Member

    Joined:
    Jul 25, 2006
    Posts:
    846
    Location:
    CT, USA
    dw426 -

    Helpful insight - thank you.

    He was also saying that an outbound protection is unnecessary if you protect yourself properly the other way. I guess theoretically that's true, but it seems to me that if a malware or keylogger program somehow got on my machine, I would certainly want the outbound protection.
     
  5. LenC

    LenC Registered Member

    Joined:
    Jul 25, 2006
    Posts:
    846
    Location:
    CT, USA
    SystemJunkie -

    Can you explain what that is?
     
  6. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Indeed you would. Taking precautions and having a good security plan in place will keep you out of 99% of trouble, but that extra 1% can be a PITA at best or a nightmare at worst. If you feel outbound protection is necessary, by all means use it. A little more CPU and memory use is small potatoes to the problems some of these things can cause.
     
  7. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    LenC,

    Agree with dw426.

    Speaking practically and being behind a router/firewall-I ditched my software one a year ago.

    Additionally am using a HIPS and an AV.

    Never had any malware!!

    An excellent HIPS as regards leaktests is ProSecurity 1.42 (or Real-Time Defender,as its now called).

    See here matousec,or the HIPS from Private Firewall-DSA
     
    Last edited: Aug 31, 2008
  8. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
  9. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Partially (thanks for the link) but there is so much more would bust the scope of this topic. In short the term security is in most cases only dummy security. Don´t rely on firewalls and believe you are secure, don´t rely on routers and believe you are secure and the same is valid for all kind of security suites, antiviruses, antirootkits.... a computer in correlation with internet is nowadays a too complex scenario to guarantee one individual total control. Firewalls and Hips are good as little watchdogs and to learn more about your system, routers are useful as hubs and maybe to block some simple attacks but not to prevent real threats.
     
    Last edited: Aug 31, 2008
  10. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Microsoft MPV Leo has something to say about Firewalls !
    http://ask-leo.com/
     
  11. LenC

    LenC Registered Member

    Joined:
    Jul 25, 2006
    Posts:
    846
    Location:
    CT, USA
    Hey Huupi -

    If my memory serves me correctly, that's where I read this first. I like Leo's website!
     
  12. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    I've found quite a lot of new trojans with the firewall when I used kis 7(now in kis 2009 the hips takes care of it too).
     
  13. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Me too. :thumb:
     
  14. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Good. Another one of these threads. I hate digging up old ones with the same questions. But, since there are always new programs and I am only one person, maybe someone knows the solution.

    I agree also with the article in as much as you don't really need a software firewall if you know what you are doing. As well it is my opinion that those that really really don't know what they are doing have no use for a firewall because they probably become infected easily and a popup from a firewall would do no real good. And then there are those who know a good bit, but still have a ways to go. For them I believe a firewall is maybe not needed, but a very great learning tool for them to see just what is happening with thier computer regarding inbound and outbound events.

    Now, as I have stated before, what I am looking for is the application that is not a hips, not a firewall, but somewhere inbetween. I want very fast and lightweight and stable. I want a program that just watches for an application or process that tries to go outbound and simply say 'yes' or 'no'. Right now I am using Outpost v2.0 with 2 rules, allow and deny. This really is simplistic in as much as I can see my logs and have very simple app control without having to worry about tweaking every aspect.

    But the part I do not like is that every packet basically must be sniffed somehow. It is not TDI I know, more kernel level. But I can tell if I load up the connection, that the driver starts to do some serious work. This applies IMO to all firewalls, because they examine every packet.

    No, what I want is just plain and simple, if a process starts to send/recieve a packet, just allow or not. Nothing more involved. I have other methods to handle the rest of what I need.

    So, any new news for this type of application?

    So I keep using a very very basic ruleset for my software firewall, knowing I don't really need it, but wanting to at least KNOW when something is coming or going. And that is why I don't completely follow Leo's advice, because I do still want to know, instead of have no idea whatsoever.

    Sul.
     
  15. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    A Firewall + Hips is a joyful tool as long as it isn´t secretly disabled and has not too many bugs.
     
Loading...
Thread Status:
Not open for further replies.