Inbound firewall: Necessary?

Discussion in 'other firewalls' started by Rmus, Jun 16, 2009.

Thread Status:
Not open for further replies.
  1. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Example? Over the years there have been quite a few "malware" that, if it gets into a system...it will stop security features and bring in a whole bunch more malware. There has been, currently there is, and in the future there always will be..malware that is designed to halt/stop/attack/disable/corrupt/compromise the security features and services and software on a computer once it hits the computer. Not only antivirus and malware removal tools...but firewall services...popular 3rd party ones. I've worked on many computers over the years that have had this happen. Usually the end user never even knew it. Often the software firewalls (as well as the Windows security warning) are disabled...the user never knew it.

    I wouldn't trust a computer that spent more than 1 minute sitting on a public IP address without a software firewall. So this end user has been using their computer for <some amount of time> without even knowing the software firewall was somehow disabled. Might as well back up your data and format/reinstall that computer now, it's hosed. Not so much just from whatever malware originally got on it..but because it spent over 1 minute on a public IP address so it was getting poked/probed/raped/pillaged/plundered by thousands more during that time.

    How did the malware get on the computer? We're talking about end users here...unless you're VERY bored and you're standing over their shoulder watching them every single minute they use their computer....why begin to ask that question. We're talking about end users here..they find ways. Surfing the net...hitting a website that was compromised with drive by injection code, downloaded warez/p2p/torrent crap that was "poisoned" with a surprise, opened an infected e-mail, inserted a floppy disk or USB drive that got infected on someone else's computer, etc etc. I rarely waste my time wondering how someone got infected, I just have to fix their junk after they did.


    I don't know what you mean by "Explain please" about vulnerabilities come out. Uhm...stuff comes out which attacks Windows...and for that matter...other popular security software like antivirus and firewalls. Vendors release patches to try to keep up and plug these holes...Microsoft Updates for example, or Symantec Live Update. It's a cat and mouse game.

    Regarding the ports such as RPC ports....yeah, your software firewall may close/stealth those ports. But my main point is....because I've seen software firewalls fail all too often...is one day you may boot up your computer and without you knowing it, for some reason, your software firewall service may not start up, so you're no longer protected. Sometimes a service within Windows can hang, or fail. :eek: Yes..it's true! We're talking about Windows here, we're talking about software. A minute or so goes by without that protection..and your PC is plugged right into your cable modem with a public IP address...BAM...you're hit. It takes less than 1 minute for a Windows computer to be compromised on a public IP address. Less than 1 minute. Less_than_one_minute.

    Yes keeping up with your Microsoft updates helps you keep more secure
    Yes keeping a quality updated antivirus helps keep you more secure
    Yes never leaving your Administrator account with a <blank> password helps keep you more secure.

    If I take a computer, let's take Windows XP ..oh...service pack 1..no other Windows updates. I'll set it up behind a little Linksys NAT router...I can leave that computer running 24x7 for months...nobody using it, just sitting at desktop. I'm talking about the security of Windows itself, not due to end users' blunders. Several months later ..heck...1 entire year later...I can come back to that computer...and I'll bet my house that it's safe, not compromised. I cannot make this same statement if we take a computer, and a software firewall, and have the computer directly plugged into a public IP address (no NAT appliance).
     
  2. tlu

    tlu Guest

    Yes, if you really close all ports a firewall isn't necessary. There's a nice guide and tool that helps to do it. But you can run into several problems listed on that site. And you can never be sure if some apps open ports. So enabling the built-in Windows firewall is surely the easier solution.
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Thanks for the detailed explanations!

    ----
    rich
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Thanks for the reference!

    ----
    rich
     
  5. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Yep, that's a nice one, thanks tlu......
     
  6. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    Sorry to bump this, but...
    No, firewall is not necessary. Neither is AV, AS, HIPS and so on. Depends on the mind-set.

    Cheers.
     
  7. tlu

    tlu Guest

    If you mean firewall = personal firewall, I tend to agree.
    If you mean firewall = built-in Windows firewall, I strongly disagree.

    Windows has open ports by default. Not closing them is a serious security risk and not dependent on one's mindset. You can close them with other measures as mentioned above but that's not trivial.
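
Added example, not part of the original thread: a small Python audit for the two points tlu raises (Windows listens on ports by default, and you cannot be sure which apps open more). It parses `netstat -ano` output and reports every listener bound to a non-loopback address; the sample output, addresses and PIDs are constructed for illustration.

```python
import ipaddress

# Constructed sample in the format printed by `netstat -ano` on Windows.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1720
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     3380
  TCP    [::]:135               [::]:0                 LISTENING       912
  TCP    [::1]:5354             [::]:0                 LISTENING       1720
  UDP    0.0.0.0:500            *:*                                    1044
  UDP    127.0.0.1:1900         *:*                                    2200
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%zone]:port' into (address, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)

def exposed_listeners(netstat_text):
    """Return sorted (proto, port, address, pid) for sockets that accept
    traffic on a non-loopback address, i.e. reachable from the network
    unless something in front of them filters inbound packets."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # headers and blank lines
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; UDP rows do not (bound == receiving).
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        host, port = split_endpoint(local)
        if ipaddress.ip_address(host).is_loopback:
            continue  # only reachable from the machine itself
        found.add((proto, port, host, int(fields[-1])))
    return sorted(found)

def exposed_ports(netstat_text):
    """Collapse the listener list to unique (proto, port) pairs."""
    return sorted({(p, port) for p, port, _, _ in exposed_listeners(netstat_text)})

if __name__ == "__main__":
    for proto, port, host, pid in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto:3} {port:5}  bound to {host:15} pid {pid}")
```

The report shows what is bound, not what is filtered: a port listed here is only unreachable from outside if a working firewall or NAT device sits in front of it.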
     
  8. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    Hi Thomas :)

    I thought Windows' firewall is a personal firewall as well?

    While I agree it's a bit of a pain to disable unneeded services, I also think it is the only way to go. Do not plug the pipe with a cork, stop the flow on its source. A firewall should filter inbound, not act as a nanny for Windows' services.

    There is otoh the issue of being "seen" while online, but some people simply don't give a damn. The same is with other security software, I for one don't use an AV as I don't give a damn about other things.

    That said, I have always been a strong supporter of software firewall idea, whether one uses a router or not.

    Cheers,
     
  9. wat0114

    wat0114 Guest

    Other than the geek crowd, who's capable or at least willing to do this? The typical home end-user who knows virtually nothing about the more technical aspects of computers is simply not going this route....guaranteed.
     
  10. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    Hello.

    Yes I agree and it's almost a paradox. An OS for the masses but still too complex to be properly managed by the masses. Is the OS really needlessly complex or do the masses lack the will to learn? The source of all discussions. Subjects like this one are always debatable, as there is no general consensus. But it very much depends on your intentions (level of protection/filtering needed i.e.) which software will be necessary to you. Do I want to filter out bad packets or do I simply not care and just want to stay on the safe side? If the OP's intention was to ask whether he can stay safe without a firewall, then the answer is yes. But there are other aspects which make a firewall a necessity. As I often like to end my posts - to each its own.

    Cheers,
     
  11. wat0114

    wat0114 Guest

    Well put Seer. Simply put, I agree with YeOldeStonecat's recommendation of a router; it silently protects against unsolicited incoming traffic and keeps all kinds of cyber junk away from the pc's interface. It serves a pretty basic task but nonetheless an important one, as a first line of defense requiring no user input other than initial setup.
     