LUA + SRP =firewall not necessary?

Discussion in 'other anti-malware software' started by new2security, Sep 6, 2010.

Thread Status:
Not open for further replies.
  1. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    492
    Something came to my mind while I composed a question in Wilders forum couple of days ago, concerning a disabled firewall - isn't it so that if you run a fully patched XP system with LUA and fully enforced SRP (including dlls), and tightened permissions on system folders, risky services disabled - do you really need a firewall (software or router)?
     
  2. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    In those circumstances a firewall is a bit like airbags and a seatbelt. It's there to protect you from the unanticipated and your own silly mistakes. So do you need one? Yes.
     
  3. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Firewall is must have to safeguard your gateway from intruders.
     
  4. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    Firewall is useless if you have no listening service or app.

    On top of that, probability is high you are behind a router which would make the firewall totally useless anyway (acts like firewall).

    You use Windows? Windows comes with a by default activated firewall. Let as it is and enjoy.
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Even if you have tight LUA+SRP, you should nonetheless have a firewall that has inbound protection, whether it's provided by hardware or software. Regarding outbound protection provided by a software firewall, you'll probably find differing opinions here; I personally don't use outbound protection anymore in my LUA+AppLocker setup. A program needs to be running on your machine in order for outbound protection to come into play.
     
  6. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    492
    @ Scoobs72, Boyfriend - I see your point. I'm not discouraging anyone to use their firewalls, but if all ports are closed, and with no services are listening the probability of anyone getting inside your system is pretty slim. And if anyone gets in, there isn't much the malware could do to your system (LUA, SRP and hardened system).

    @MrBrian - I think outbound protection is little overrated. I for one rarely know if I should allow or deny an app that tries to tag along with another app. I usually allow all of them!

    @Lucy - Yes, AFAIK a closed port cannot be forced open. I don't use a router.
    Once I scanned W2K without a firewall and all ports were closed. That was pretty cool imo, but yeah, I felt more secure sitting behind a firewall than without.
     
  7. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    @new2security - Firewall is must have protection. LUA + SRP + System hardening will not protect you from network intrusion (DDOS, pings, port scanning, targeted attack, virus probing etc.). You should at least enable Windows Firewall. It would be much better if you configure it just as you configure SRP. Third party good firewall is another good option.
     
  8. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    492

    Thanks for expanding the details. Yes, you're right regarding DDOS, Pings etc.
    But concerning virus probing, what could it do to a system without a firewall?

    I just had a "what-if" moment, it's nothing I'm implementing or so. I use a software firewall.
     
  9. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I haven't used a firewall in maybe three years except on rare occasions. You do not need a software firewall to stay problem free. You only need knowledge. I concede that using a software firewall does help you to learn what is happening, thus serving to teach you how to not have to use a firewall.

    Some people need firewalls. Some don't. There is no emperical evidence that having one will keep you any more secure than not having one. If you don't understand the risks of not having one, then perhaps you need one. Once you do understand why you don't need one, you are free to do other things with the time that used to be devoted to configuring them. That is my favorite part.

    Sul.
     
  10. wat0114

    wat0114 Guest

    A firewall with outbound filtering is useful to me because:

    • It affords me a nifty tool for helping me learn about networking basics.
    • It lets me know what process is trying to communicate out and where exactly it's trying to communicate to. This matters to me even though it may not to others.
    • It lets me restrict how and where the process communicates to. This also matters to me...
    • When I know the latter two points, I may decide not to use a particular app based on what I see it doing network-wise. Example was Google Chrome; I did not like what I saw during installation, especially the process in user space under AppData, so I decided not to use it. It's that simple.

    BTW, I use the built-in Win7 fw for two-way control, so there's no additional 3rd party product interfering with the system functionality.
     
  11. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Do you use it as an exploratory tool primarily, or do you set rules in place for everything? Meaning, once you are satisified with what a program is or is not doing, do you still make strict rules for it?

    Sul.
     
  12. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    492
    Yeah that makes sense. If you know what you're doing, closed ports probably is enough. A long journey for me, but perhaps one day I'll be fine without a firewall.
    Any tip on the way?
     
  13. wat0114

    wat0114 Guest

    Some of it's for exploratory puroses, out of curiosity, while most of it's to restrict each process to only what it needs remote port-wise, and in a few cases for remote ip addresses as well. I've got everything restricted via the fw, allowing them only what they need. Even though this level of control will seem bizzare to most, it's what suits me, though by nature I'm no control freak :)
     
  14. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    Agree on the software firewall question, but the OPs post related to both software and router based firewalls and the OP doesn't use a router....so he's talking about a totally un-firewalled siutation. Are you saying you are equally totally un-firewalled?
     
  15. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Actually his question was do you need a firewall -software or router. The answer is no, you don't need a firewall if you know what you are doing.

    A router using NAT is not a firewall, it is a network device running Network Address Translation. It does nothing in the classic sense of what a firewall does. Many routers today have rude firewalls built into them.

    So in my answer, it assumes the question is in relation to a software firewall or the firewall-ish features in some routers.

    I would not say going without a router entirely means you have to have a software firewall. But I would say you would be better served to use a software firewall if you don't have a router. Connecting to the web without a firewall or router, with about any version of windows, does not mean instant take-over. But if you don't have the skills to do so, a firewall is the best bet.

    And no, heck no, I am not without a router. It is the easiest and most secure first line of defense at our disposal. IMO.

    Sul.
     
  16. wat0114

    wat0114 Guest

    Routers should almost be made mandatory for home pc users. YeoldeStonecat has tried (mostly in vain, I'm afraid) to hammer home the importance of routers for home pc's, citing first-hand experience on the correlation between pc's without routers that are absolutely teeming with malware, while those that are behind a router are far less likely to be malware-infested. People can argue the merits of this all they want, but it's pretty tough to dispute reality.
     
  17. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    i am going to give my humble opinion and that is that a outbound firewalling protection is very important to fight againts keyloggers transmiting info/data outside the the web:):) if the antivirus is bypassed then the firewall can come handy;) what do you guys think?this is my humble opinion:)
     
  18. wat0114

    wat0114 Guest

    The firewall might, come in handy, probably in most cases imo, in blocking outbound comms from malware, but most people will jump in and claim it is game over, that the firewall will be bypassed or crippled by the malware, as though it's as certain as the sun rising in the morning :rolleyes: It is important only for those who view it that way, but in reality it is not important if other, reliable safeguards are in place. Example, I'm confident I don't need the firewall to keep malware at bay, because it needs to get onto my machine first, which I believe to be fat chance at best, but I use the firewall mainly to control outbound comms from trusted processes (though I don't fully trust MS' svchost process) simply because that's my preference, as unusual as it may seem to many. To each their own is what it comes down to.
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    thanks for explanation;)
     
  20. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    This is the sort of question that opens Pandoras Box. It is the sort of question that anyone who is interested in security struggles with in cycles.

    It works something like this.

    Am I secure? I think so. Do I run programs that are backdoors? No. Do I have a firewall, AV, etc to control my system? Yes, we are good there. Ok, are we safe then. Yes, I think we are - we have good programs and have learned how to protect ourselves.

    (some time later)

    We haven't had a problem, are we secure? Oh yeah, we are secure. Since we haven't had a problem, are we sure we are secure? Oh yeah, we know how to stop about anything, and how to recover from about anything. If we are secure, do we need all this software? Umm, I don't know. I mean, it is now boring to configure everything, to keep everything under our thumb. Yes, it is. Should we stop using it? You know, I think we can.

    (some time later)

    How is our security? Good, not a problem worth mentioning really. But what about if we got a keylogger or other thing - how would we know? Umm, not sure without a tool to watch our packets. Maybe we should have a firewall so we can be sure. Are you sure you want to go back to that again? I don't know, I can't be sure either way. I see what you mean - maybe we should keep everything under our thumb again so we won't be caught with our guard down.

    (some time later)

    I am going crazy here! Me too! All we seem to do is watch out for problems but never see them. I know what you mean. Do we really need all this stuff? Heck no, lets ditch this stuff and get on with something interesting.

    (and the circle remains unbroken)

    Sul.
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    sullyo_O
     
  22. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    :thumb: Posts like this,are what keeps me coming back to these forums.
     
  23. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Sorry if you don't get it jmonge.

    It is humorous how one can learn so much, then second guess themselves with the same questions over and over. We all do it I think. It is a never ending circle of wondering if we are secure, then knowing we are, then wondering if we are.

    Not poking fun at you man, just poking fun at how things are.

    Sul.
     
  24. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543

    Get out of my brain, Sully :D
     
  25. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    MAN this is WILDERSSECURITY *Puts tinfoil hat*

    We are here because we are paranoids and because we like feeling safeee! (That includes me :argh:)
    Anyways, i don't think LUA + SRP can replace a firewall because neither of those protect outbound and inbound connections? :rolleyes:
     
Loading...
Thread Status:
Not open for further replies.