How necessary is a firewall if you have a router?

Discussion in 'other firewalls' started by ejr, Feb 21, 2007.

Thread Status:
Not open for further replies.
  1. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    I sit behind a router that stealths all my ports.

    I have NOD32 AV installed.

    I have Spyware Termionator installed with all active protections on and HIPS enabled.

    I am considering installing SandboxIE and running my browser in it.

    How critical is it to have a firewall with the above in place? I do presently use one that I like (Comodo), but I would like to free up some resources on my aging computer.

    Thoughts?
     
  2. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    It depends if you think outbound protection is necessary. A while back, I had the same question and, after research in this forum, decided that my hardware router/firewall was enough for inbound protection. For outbound, I dowloaded Jetico 1.0 and removed the inbound protection filter. I feel that I am well protected for my browsing habits and have not had a problem with malware. I do, however, use powershadow when necessary, AOL AVS, spywareblaster, and k-meleon (javascript disabled). There will shortly be a debate here among posters if a software firewall is also necessary.
     
  3. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    I don't use one :D

    However, I have made it so that every single port is closed on my computer except for the one open for openssh, so that means a no-one can access my computer anyways since nothing is listening and waiting to be exploited.

    If you don't care about outbound (I don't), and you don't trust your network, then just run the built in windows firewall, or something like ghostwall or chx-i in order to keep your memory usage as light as possible. Or, disable everything listening on a port so that you won't be exploited and a firewall isn't very necessary.

    Cheers,

    Alphalutra1
     
  4. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    ~removed full quote of post just above~

    How do you do this (close all the ports)? I have all of my ports stealthed by my router. Is that the same thing?
     
    Last edited by a moderator: Feb 22, 2007
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    No, it isn´t the same thing. Your router (or any firewall) prevents the disclosure of the state of your ports.
    Use TCPView to know if there is anything listening on a port. Then disable unneeded service and use Windows Worms Doors Cleaner or Seconfig to close vulnerable/exploitable ports.
     
  6. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
  7. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    That would be a solid security environment, even without the software firewall. You just have to ask yourself: "do I want the outbound filtering a software firewall will give me and will it make me happier to use one?" If the answer is "No", then there you have it.

    As long as you understand that if something wants to connect out, it can do so without your knowledge, but as long as long you feel your machine will never get anything malicious lurking on it, you really don't have too much to worry about. The WWDC recommended to you is a nice way to close some "trojan-targeted" ports, as well as the option to disable some unneeded services. Some of the notables I have disabled in XP are:

    1. Messenger

    2. Net Logon

    3. NetMeeting Remote Desktop Sharing

    4. Remote Registry Service

    5. Server

    6. TCP/IP NetBIOS Helper Service

    You do have to exercise caution when disabling services, as you could cripple your machine disabling the wrong one(s) There is some info on services here: Services-Eldergeek
     
    Last edited: Feb 25, 2007
  8. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Yes, they are very similar apps.
     
Loading...
Thread Status:
Not open for further replies.