Importance of a firewall (?)

I've got an ADSL connection running with a router and I also use a software firewall, but my question is this:

How important is the software firewall if I don't forward any ports (router to computer) - or in other words, if I don't allow any incoming connections?

Asking because I'm thinking of skipping the software firewall.

 

Hi Jon!
If controlling the incomming traffic is your only concern, then you could skip the software firewall. However, if you also want to controll the outgoing traffic, then I suggest you keep your software firewall.

Regards, C.

 

Allright, that makes sense.

About outgoing, I know that some MS applications might be blocked like alg.exe, cmd.exe, explorer.exe etc. - but with non-MS applications, isn't it be more appropriate to look into if they should be running or not, and/or if they're running in the background? Just like when disabling services.

What do you block from going out?

Thanks!

 

It's not just about blocking what goes out, which is usually anything suspicious, but it's also about controlling network accessing applications and processes. In other words, what ports and ip addresses they connect to, as well as the direction they need. Determining this for the myriad apps and processes takes some time to learn. As for MS apps, you can probably block explorer.exe (not iexplorer.exe) from accessing the Internet. It is tied in so closely with MS anything, that it is often a parent process and occasionaly wants Internet access, but it should almost exclusively be blocked. There may be a case if you want to view digital certificates where it would need to be allowed access, otherwise none is needed.

Personally, I like the additon of a software fw because I'm so used to using one and comfortable with them. The only way I would run behind a router without a software fw would be the use of a good HIPS app such as System Safety Monitor, Process Guard, Ghost SS or some other, reliable offering. Of course a solid, updated antivirus should be used no matter what setup you have.

 

I block anything suspicious, but the question is: which processes or other components do you want to allow/block access to Internet? The easiest way is to allow all components to have access, and focus on the applications. Therefore I recommend you e.g. ZA free which is an application based firewall. If you want something more advanced with a higher controll level, I would suggest e.g. ZA Pro or Comodo firewall, which you can controll the components/processes as well. Which one to allow/block, is yours to decide as long as your system/applications runs normal...

Regards, C.

 

Allright... will try out Comodo - I see the point of still having a software firewall. Just need something not too advanced, free and still secure.

- if possible!

Thanks for helping out!

 

Just a quick question. Does a Firewall truly need to pass every leak test to be effective? ZA Free passes only two tests, and seems to the job for many people. (Despite recent problems) I have used Windows XP Firewall in the past and never got anything in the way of Trojans or Malware. (Except once, but I'm not sure when it happened as it was found after installing Antivir awhile back.) But does the average home user really need anything more than a Zone Alarm Free for adequate protection, instead of a Comodo Firewall, or a ZA Pro version?

 

No, it doesn´t

No, he doesn´t

The most important task for a firewall is to protect from inbound, non-permitted network traffic. ZA free, Win XP firewall, GhostWall etc, solves this task in an excellent way. However, if you aren´t an average user or/and downloads a lot of material, which some maybe is of suspicious nature, then it could be an advantage to controll the outbound traffic to see which applications, components and processes is trying to establish connections to the network, where some could be malware. But this higher degree of controll requests more time and effort from the user...We shouldn´t also forget that most of us also have some sort of an AV/AT software that in most cases (if regurlaly updated), can detect and clean/delete in case something shows up.

Regards, C.

 

Thank you Cerxes. I've uninstalled the latest Comodo Firewall I was using as it was slowing down my PC when switching from one user to another. I now have been thinking of trying the latest verson of ZA Free. I used an older version of it 6.1.744 and there were no slow downs or troubles until I installed AOL AVS Antivirus and got a BSOD. After uninstalling it and using the latest Comodo I was happy, but then came the very noticable slowdown I spoke of. I have posted about this on the Comodo website, as I was also getting a security alert that I had no Firewall after logging my wife's account completely off and then clicking back on mine. The bottom line is, that I guess I don't have a problem using the Windows XP Firewall, but since my wife surfs much more than I do, (nothing nasty LOL) the simplicity ZA Free offers combined with some outbound protection seems like a better choice than the Windows Firewall. I have read that the last version of ZA has been stable, but I would appreciate your thoughts on this as I truly liked the way you responded to my last post. Thank you ahead of time.

 

ZA free is an excellent choice. It´s easy to configure and it gives you a stable and secure inbound protection (+ some outbound controll). Don´t forget to check against Steve Gibson´s "Shields Up", to check if your firewall is stealthed or not:

https://www.grc.com/x/ne.dll?bh0bkyd2

Regards, C.

 

Testing Comodo Firewall atm - thanks all for the feedback