Hardware Firewall do I need a software still?

Discussion in 'other firewalls' started by R3XNebular, Apr 12, 2010.

Thread Status:
Not open for further replies.
  1. R3XNebular

    R3XNebular Registered Member

    Joined:
    Sep 15, 2008
    Posts:
    58
    I have WinPatrol, MBAM, Norton Antivirus 2010, Keyscrambler Pro, and Hitman Pro.

    My hardware firewall is in a Dlink DIR-655. Would I still need to install a software firewall such as Comodo or should what I have be sufficient to protect me.
     
  2. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    You need a SW firewall if you are expecting someone to attack you from within your LAN and/or require outbound protection.
     
  3. Matthijs5nl

    Matthijs5nl Guest

    The combination of your router firewall + Windows 7 Firewall is great.
    The combination of your router firewall + Windows Vista firewall is good.
    The combination of your router firewall + Windows XP firewall is sufficient.

    So unless you have Windows XP I wouldn't install another software firewall. Next to that Windows Firewall is really light.
     
  4. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    You need a software fw to check - and block - the outbound connections, also those of " friend " softwares and applications.
     
  5. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    IMO the most important reason for having a software FW is to monitor/control outbound connections so as to prevent keyloggers from calling home. If a keylogger somehow manages to sneak past your security applications, it still won't be able to do any harm if it is unable to connect out & send the information it has stolen.
     
  6. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,188
    Location:
    USA
    Cant viruses and keyloggers force themselves into the allowed programs by editing registry and/or firewall rules?
     
  7. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    No one can tell :)
     
  8. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,188
    Location:
    USA
    If thats the case then anything but a hardware FW is useless anyways.
     
  9. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Well, your so called HW firewall runs Linux iptables, BSD pf or some Cisco or its clone on the enterprise end. There's no such thing like HW firewall in fact. Also, AV programs only detect known malware plus whatever their heuristics can guess as malware.
     
  10. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    I don't know about editing the registry or firewall rules, but they can most certainly bypass firewalls in some cases. Here's one example. I also believe that it might be possible for malware to piggyback on svchost.exe, think I read that somewhere. The Chaos Computer Club also has POC source code that could be added to a Trojan that automatically clicks "allow" for you, saving you the effort. Apparently it clicks the popup away so fast you don't even notice it.

    The last time I used a software firewall was around 7 years ago, before I picked up a router. I can remember clicking "deny" for RealPlayer and it connected to real.com anyway. The best bet is to skip software firewalls, save a few resources and just don't install any keyloggers and Trojans.
     
  11. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Many software firewalls maintain hashes (MD5, SHA-1 etc) of executables & will spot any changes thereto, however miniscule. FWs with hash control include but are not limited to Outpost & Kerio.

    Also, FW are usually self-protected against killing or modification.

    Many HIPS also monitor hashes. Some HIPS also protect registry -- Malware Defender is an example. As another example, Threatfire can be configured to protect the registry, using (for example) one of the rules suggested by Kees1958.

    Another good protection from hi-jacking of allowed programs is to use a file integrity checker --
    a good free one is Tiny Watcher (TW). TW comes with most sensitive system files & registry items preconfigured for checking. You can add others if desired. For instance I have added the executables for all the threatgates on my computer (browsers, email clients, etc). I scan once daily, using TW's Deep Scan -- takes about 2 minutes. TW's Quick Check is (duhhh) even quicker, of course.

    TW uses the extremely powerful SHA-1 hash. If ever TW spots any changes to monitored items, it reports them & offers you several ways to analyze the changes, & several actions you can take with such changes. The *ultimate action* is, of course, to restore that clean image you made with Macrium Reflect the other day (you DID make one, right?)
     
  12. siberianwolf

    siberianwolf Registered Member

    Joined:
    Feb 15, 2009
    Posts:
    516
    if the reason you'll use the sw fw is gonna be having control over applications' behaviours, then you'd better go for a hips or behaviour blocker sw w/out a fw. cuz unless you professionaly tweak most of the settings of the fw, you ll never get the chance to have a total control over your pc & sw's. something always could possibly sneak in /out. just my 2 cents.
     
Loading...
Thread Status:
Not open for further replies.