Hardware Firewall do I need a software still?

I have WinPatrol, MBAM, Norton Antivirus 2010, Keyscrambler Pro, and Hitman Pro.

My hardware firewall is in a Dlink DIR-655. Would I still need to install a software firewall such as Comodo or should what I have be sufficient to protect me.

 

You need a SW firewall if you are expecting someone to attack you from within your LAN and/or require outbound protection.

 

The combination of your router firewall + Windows 7 Firewall is great.
The combination of your router firewall + Windows Vista firewall is good.
The combination of your router firewall + Windows XP firewall is sufficient.

So unless you have Windows XP I wouldn't install another software firewall. Next to that Windows Firewall is really light.

 

You need a software fw to check - and block - the outbound connections, also those of " friend " softwares and applications.

 

IMO the most important reason for having a software FW is to monitor/control outbound connections so as to prevent keyloggers from calling home. If a keylogger somehow manages to sneak past your security applications, it still won't be able to do any harm if it is unable to connect out & send the information it has stolen.

 

Cant viruses and keyloggers force themselves into the allowed programs by editing registry and/or firewall rules?

 

No one can tell

 

If thats the case then anything but a hardware FW is useless anyways.

 

Well, your so called HW firewall runs Linux iptables, BSD pf or some Cisco or its clone on the enterprise end. There's no such thing like HW firewall in fact. Also, AV programs only detect known malware plus whatever their heuristics can guess as malware.

 

I don't know about editing the registry or firewall rules, but they can most certainly bypass firewalls in some cases. Here's one example. I also believe that it might be possible for malware to piggyback on svchost.exe, think I read that somewhere. The Chaos Computer Club also has POC source code that could be added to a Trojan that automatically clicks "allow" for you, saving you the effort. Apparently it clicks the popup away so fast you don't even notice it.

The last time I used a software firewall was around 7 years ago, before I picked up a router. I can remember clicking "deny" for RealPlayer and it connected to real.com anyway. The best bet is to skip software firewalls, save a few resources and just don't install any keyloggers and Trojans.

 

Many software firewalls maintain hashes (MD5, SHA-1 etc) of executables & will spot any changes thereto, however miniscule. FWs with hash control include but are not limited to Outpost & Kerio.

Also, FW are usually self-protected against killing or modification.

Many HIPS also monitor hashes. Some HIPS also protect registry -- Malware Defender is an example. As another example, Threatfire can be configured to protect the registry, using (for example) one of the rules suggested by Kees1958.

Another good protection from hi-jacking of allowed programs is to use a file integrity checker --
a good free one is Tiny Watcher (TW). TW comes with most sensitive system files & registry items preconfigured for checking. You can add others if desired. For instance I have added the executables for all the threatgates on my computer (browsers, email clients, etc). I scan once daily, using TW's Deep Scan -- takes about 2 minutes. TW's Quick Check is (duhhh) even quicker, of course.

TW uses the extremely powerful SHA-1 hash. If ever TW spots any changes to monitored items, it reports them & offers you several ways to analyze the changes, & several actions you can take with such changes. The *ultimate action* is, of course, to restore that clean image you made with Macrium Reflect the other day (you DID make one, right?)