Is a software firewall still needed if you have a hardware firewall?

Discussion in 'other firewalls' started by mmiranda, Oct 23, 2006.

Thread Status:
Not open for further replies.
  1. mmiranda

    mmiranda Registered Member

    Joined:
    Oct 10, 2006
    Posts:
    37
    Location:
    NYC, USA
    Is a software firewall still needed if you have a hardware firewall?

    I use a Linksys NAT Router with a SPI Firewall along with ZoneAlarm Pro. But I noticed that since I got the router, I noticed that the counter of "Inbound Protection/Intrusions" of ZoneAlarm Pro does NOT block anything anymore. I turned ZoneAlarm Pro off and went to the Shields UP! website and guess what - I still was "TruStealth".
     
  2. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
  3. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Simple answer, if you wish to have control of outbound communications, yes; if not, no. Is it needed? Your call.

    ZAP doesn't block anything since the router will handle unsolicited inbound communications. As for stealth, it's really irrelevant for a home user although a cottage industry has seemingly been built around it.

    The reason to use or not use a software firewall is to have fine control of the details and/or applications allowed to communicate directly to the outside. My personal need ranking is router first then a software firewall if desired. I do use a software firewall, but only as an application-based allowed/blocked filter.

    Blue
     
  4. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Same here. Kerio 2.1.5 is excellent in this role.
     
  5. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    A software firewall is only necessary if you want outbound control. Even then you don't have to use a firewall, something like app defend would work well.
     
  6. Jim-M

    Jim-M Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    9
    I agree with what others have posted thus far, but I'd like to add that it's not a bad idea to add a software firewall as standard practice on laptops.

    Many people have purchased laptops for home use because of the size, portability etc. When used at home behind a hardware firewall all is well.

    But what if you decide to go away for the weekend, or take the laptop down to your local coffee shop or friends house. Now you can't be certain what else is lurking on the network your connecting to - so having a software firewall comes in handy.
     
  7. [suave]

    [suave] Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    218
    I'd always use a software firewall no matter what.

    I can't breathe without controlling the outbound access of my applications. :ninja:
     
  8. Happy-Dude

    Happy-Dude Registered Member

    Joined:
    Aug 28, 2006
    Posts:
    54
    Location:
    United States of America
    Of course for the most protected access, a combinations of both kinds of firewalls, hardware and software, provide the utmost security. Software is more of a variety control, all apps and access by the program, while a hardware firewall, I think, controls what comes back in. So if a program is malicious, then the hardware firewall (if detected) would block it out before the malicious stuff touches your main systems.

    I use both types of firewalls, and the hardware firewall works well (but causes some lagging). Problem is that I think its harder to update than software. So combination works best, and software firewalls are needed for application controls.
     
  9. budfox

    budfox Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    103
    I go back and forth using a software firewall due to the fact that I already run a Fortigate60 hardware firewal/AV/IPS. I personally believe that outbound protection is not needed and that NAT routing is much more important.

    I know that most here think that outbound protection is more important then keeping a clean system, and by clean I mean a system that hasnt had its kernal hooked by the firewall...typically causing OS problems down the road.. so tell me a story you outbounders.

    I want an instance in which you had your firewalls outbound protection protect you. Dont tell me a story about some "freeware" in which the firewall protected you cause we all know that there is nothing free in this world, and that freeware is either after an email address to add to their list to sell out to spammers or for some sort of trojan install to add you to their bot farm.

    Given that the all your software was paid for, what snuck into your system via some valid program in a zero day type situation (bufferoverflow, ect)
    in which your outbound protection caught the issue.

    Thanks.
     
  10. Arup

    Arup Guest

    After getting the router and a switch, I don't use any firewalls, just Avast AV and depend on its network scanner to keep me out of nasties, I do check my router logs daily, also I have TCPView running in background and check on it from time to time. When I was not on router, I was on CHX which too is strictly inbound. Point is if you are a heavy gamer or P2P person, leaving it to the router is a better way than putting heavy load software firewalls which sometimes might even cause you connection slow downs.
     
  11. budfox

    budfox Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    103
    I am guessing by the lack of any reply that all outbound protection does is give piece of mind. I dont think that piece of mind is worth hooking the OS kernel.
     
  12. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    For many of us, if you are focussing solely on protection, you're barking up the wrong tree. It is about control. Control of what can speak to the outside and how that communication proceeds. There are plenty of perfectly valid programs that I block because I wish to control when/how/if they communicate with the outside.

    In some respects, if you rely on a firewall for protection it is either your sole security application (and this can work absolutely fine for advanced users) or it is a backup strategy since, if the communications are already going out you've already been compromised and your primary approach clearly has some gaps which need to be addressed.

    Blue
     
  13. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Yes it does give peace of mind in the fact that i can control and monitor whats coming in and going out.
     
  14. budfox

    budfox Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    103
    That piece of mind will cost you in the long run. OS kernels are not designed to be hooked. I am guessing there will be a collective mental breakdown when Vista rolls out. At this point hooking will not be allowed, and thus, no third party firewalls will work.
     
  15. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Well i guess i won't be using vista then...
     
  16. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Hey,

    lol, not completely true.. ;) :p

    Lol, Vista does have it's very own firewall for inbound and outbound control..

    best regards,

    iNsuRRecTiON
     
  17. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Yeah but if they gonna force me to have use certain software then i ain't gonna be using it.
     
  18. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    i have also noticed that recently i havent got any activiity since i have got my nat router to odvisally my router is working.
     
  19. rpsgc

    rpsgc Registered Member

    Joined:
    Dec 29, 2005
    Posts:
    266
    Location:
    Portugal
    Can you tell me some other software similar to appdefend? :)
    I'm wondering the same as the OP. I have a router with SPI firewall, AOL AVS (our kaspersky friend), Windows Defender, XP SP2 firewall and WinPatrol Plus (it isn't a "real" HIPS isn't it?). Should I use more?
     
  20. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    For HIPS that include network access
    SSM (beta)
    Prosecurity
     
  21. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    You won't be the only one.
    Why would I trust a firewall from M$?
     
  22. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Leaving aside the knee jerk reaction against all thing M$, it strikes me as a circular argument.

    No machine (router) or software is EVER foolproof ever since the Titantic proved the folly of technical arrogance. Ask NASA about foolproof software they found was flawed.

    This being the case, the amount of security you need is perhaps quite different from what you WANT. Most do not know enough about all the programs on our PC's or the sites we visit to assess the risks. What we need depends on our online activities. If you use you PC to buy products and do online banking that is one level of need. If all you do is surf in your area of interest and send email then that clearly is another.

    Like most debates amongst techies it is NOT A or B it is both.

    Error on the side of safety, use both the router and the software firewall the S/W acts as a backup in case a parasite slips past. Now you guys can climb all over me a say how no parasite could ever slip past your secuity set up.

    On outbound would you not want some control of what data is leaving your computer? Oh ya I forgot your ship cannot sink......:D
     
  23. rpsgc

    rpsgc Registered Member

    Joined:
    Dec 29, 2005
    Posts:
    266
    Location:
    Portugal
    Only the paid version right?
    Thanks.
     
  24. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Yes, currently only the paid version of SSM will include network access control.
     
  25. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I agree that a software firewall is necessary.
    But maybe the biggest factor is with a laptop, as has been said, when you are away from home. If no software firewall then that much less protection.

    I would not be without a software firewall, and I am behind a NAT.

    I won't need a new computer for several years, unless mine breaks. When I do I am sure I will get Vista installed, just like most of you who say, "I AIN"T..."

    When it gets down to it, MS is so large and Windows the predominate OS that it is like cutting off your nose to spite your face to refuse it.

    If Vista has its own in/out firewall I think that is a plus. Of course each "Pays his money and takes his choice."

    Jerry
     
Loading...
Thread Status:
Not open for further replies.