Really Needed?

Discussion in 'other firewalls' started by firzen771, Nov 4, 2008.

Thread Status:
Not open for further replies.
  1. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    in the modern age today, is an extra software firewall REALLY needed if you already have a hardware one? cause tbh i don't think a software firewall will stop hackers.

    but id like to see your reasons why a software firewall is needed? discuss
     
  2. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    If you are just talking about inbound, you wont need an extra one because the XP/Vista firewall will do you fine.
     
  3. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    This question has been asked over and over, and the answer is always the same. It's up to you. If you have a router, then the only thing a software firewall will do for you is attempt to catch outbound traffic. If that's something you want, then use one, if not, then you don't need it.
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Please explain how hackers can get by a software firewall into your computer.

    ---
     
  5. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
    Personal firewalls won't block much - and the software it's self may introduce new vulnerabilities with it's own bugs.

    "Personal Firewalls" are mostly snake-oil.
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    You didn't answer my question.

    ----
     
  7. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    But still no explanation how a hacker can work around a software fw and take control over the computer from the outside without using a trojan ń stuff. That would be more convincing info to prove a point for noobs like me.

    btw even without a firewall it seems to be pretty hard to get infected ime. I have exposed a unpatched XP to the net for almost two days straght when I wanted to see if it was true that it would take 30 seconds for the worms to do their stuff. Someone told me that most of the incoming bad stuff is blocked on the ISP level anway, so maybe a hardware firewall is of no more use than a software dito whem it comes to inbound protection?
    Isnt it so that even if someone finds open ports on my computer he cant do anything with them unless there are software with bugs that allow commands from the outside?

    I would like to play with a hardware firewall but they are way too expensive if I want to utilize all my 100Mbit.
     
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    When you look at the current exploits, they are all easily blocked by a firewall. Most recently:

    MS08-067 Worm in the wild?
    http://isc.sans.org/diary.html?storyid=5275
    ms08-067 exploitation by 61.218.147.66
    http://isc.sans.org/diary.html?storyid=5288
    Any properly configured firewall will block a probe to unauthorized ports. From my log this evening:

    kerio-probe.gif
     
    Last edited: Nov 5, 2008
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I did the same for 4 days w/o a firewall with Win2K several years ago. It's secure if you insure that all ports are closed -- no services opening ports.

    NOT to be recommended, of course, but just to demonstrate that a closed port is a closed port, whether done within the Operating System, or with a firewall. A firewall is a much easier and safer way of doing it for most people.
     
    Last edited: Nov 5, 2008
  10. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Yep, several of us have done it. I did the same, no firewall at all, on Win2k for over a month, nothing happened. Of course I tweaked a few things so all ports were closed.

    And yes, even if ports are open, in order for someone to do anything from the outside, there needs to be a vulnerability in the service holding the port(s) open for anything to be exploited from outside.

    And yes, ISP's often do try to block the more commonly exploited ports and traffic, although many do not. You'd have to check your own ISP to be sure.

    A router is good enough, and if you're running a software firewall alone, and it's blocking all ports properly, then nothing can get in either, "hacker" or othewise...

    As has been said, a closed port is a closed port...
     
  11. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Indeed!

    Interestingly, back in Win9x days, some people warned of unsecured ports. It just wasn't talked about much in the mainstream media.

    Often missing in so much of the sensational articles about the dangers of exploits these days are simple preventative measures that could avoid such mishaps, negating a zero-day vulnerability. And often, the prevention is just basic firewall security.

    In looking back at my notes from a couple of weeks ago when the MS08-067 exploit broke in the news, there is this revealing comment by Microsoft's Michael Howard in his blog of 10/23:

    MS08-067 and the SDL
    http://blogs.msdn.com/sdl/archive/2008/10/22/ms08-067.aspx
    The MSBlaster worm exploited Port 135. The Sasser worm a year later exploited Port 445. The recent MS08-067 worm exploits Ports 139, 445.

    I agree with your comments about router and software firewall. In my log this morning, from Russia with love:

    kerio-ru.gif
    ______________________________________________________________________________


    References

    MS RPC, port 135, DCOM buffer overrun and the Blaster worm
    http://www.keyfocus.net/kfsensor/help/AdminGuide/adm_RPC.php
    eEye Digital Security - Research -- ANALYSIS: Sasser Worm
    http://research.eeye.com/html/advisories/published/AD20040501.html
    More detail about MS08-067
    http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx
     
  12. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    The only reason I use a software firewall is to monitor for outbound applications. I want to be the one asking if there is an update. Leaving the fw in rules wizard alerts me to many apps that automatically 'phone home', and then I can stop that behaviour.

    I also like a firewall that has a good log. Many times I use this to add a host file entry to something that has no feature to turn off the update portion. Or just sometimes to be curious as to what is going on. My rules are easy, they consist of Allow, Deny or Allow Local.

    But I agree overall that they are really not needed with a router or hardware firewall.

    Sul.
     
  13. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    If for some reason I had to choose one, either a software or hardware firewall, I'd choose the software firewall just to have the ability to control traffic for each application. My hardware firewall is a fairly recent addition. I ran just a software firewall for many years with no problems. Nothing ever bypassed it or killed it. The terms "hardware" and "software" are somewhat deceptive when it comes to firewalls. So called hardware firewalls are installed on separate hardware with its own OS, usually Linux based. Software firewalls run in Windows. Both are actually software firewalls. Software firewalls are vulnerable to malware that gets downloaded and run in Windows, attacks from within that are usually the fault of the user. If Windows is clean, the software firewall will do its job.
     
  14. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    The only reason i use a software firewall is for protection on a LAN. If i'm at home i don't use them but if i connect somewhere else then i do.
     
  15. ~*Nat*~

    ~*Nat*~ Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    8,129
    Location:
    Germany/Ohio-USA ~ between two worlds
    :) LOL...paranoia ala carte :p ;)
    I've been blessed for many years with a FREE software FW...I couldn't ask for a better one.
    Although I'm sure there ARE better ones out there. I tried a couple others but couldn't
    deal with them, as I am not very smart with certain technical things.

    So far (knock on wood), I really had no particular problem....I can see when something wants out, unexpectedly or In.

    My pc is like 4 years old - never ..uh...reformatted :oops: and with my FW and a couple other security progs, my putie is running fine. (Maybe slightly slow, but age does that to you)

    All in all...no hardware Firewall needed. Not for me.
    I hug my pc every day for being sooo good to me all those years. :-*
    Aeh --- ok...I also pay respect and bow down and ..uhm...thank...him..?....? ...I mean...my faithful PC, OK ! Gee........:doubt: o_O
     
  16. cruser921

    cruser921 Registered Member

    Joined:
    Jul 8, 2007
    Posts:
    79
    i just added a software firewall to my computer even though i'm behind a router my isp told me its a good added layer. just in case something i d-load was infected and my AV did not ketch it my firewall would when it tryed to phone home.:) so i see it as a extra layer.
     
  17. ~*Nat*~

    ~*Nat*~ Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    8,129
    Location:
    Germany/Ohio-USA ~ between two worlds
    What kind of isp do you have if I may ask...?
    Mine never communicates with me...
     
  18. ~*Nat*~

    ~*Nat*~ Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    8,129
    Location:
    Germany/Ohio-USA ~ between two worlds
    Stupid question for all the know-it-alls.
    Sorry. :ouch:

    o_O
     
  19. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,

    Why isn't the software fw sufficient? How exactly are the evil matrix hacker gonna get in?

    OT, it's a matter of choice; if you want one, use it.

    Mrk
     
  20. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    This question arises here every two weeks. Isn't it a time to FAQ it ? (rithorical question).

    Short answer: it depends. If you have nothing valuable on you computer and can painlessly restore from a backup than you need nothing but pure system and backup software.
     
  21. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Not including HIPS components or any other additional functions found in firewall suites, referring to just the internet firewall itself, here are some things a software firewall can do that a hardware firewall can't.

    A software firewall can:
    • Allow one application or program to receive incoming traffic while blocking incoming traffic for all the other software.
    • Limit one applications internet access to a single IP or range of IPs while allowing another to access any IP.
    • Prevent applications and system components from connecting to specific IP ranges while allowing them access to all other IPs. Useful for preventing apps from calling home and still giving them internet access. Also blocks adservers from specified IP ranges. Useful for applications that display advertising on the user interface.
    • Limit individual applications or system components internet access to a specific port and/or protocol.
    • Allow, block or limit local (loopback) connections for individual applications. Useful for forcing the browser to connect through a filtering proxy like Proxomitron. Also defeats some malware.
    • Alert when a system component, application, or malware tries to access the internet for the first time.
    • Log internet activity for individual applications.
    • Quickly block all internet access with one or two clicks on the tray icon.
    • Verifies the MD5 signature of the applications and components seeking internet access and notifies the user if they change.
    There's plenty more. This is just what I can think of offhand. Software firewalls are extremely useful security tools.
     
  22. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Why would you need to do any of that? I dumped 'em years ago and have not missed them since..... no need....
     
  23. ~*Nat*~

    ~*Nat*~ Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    8,129
    Location:
    Germany/Ohio-USA ~ between two worlds
    Indeed a good idea
    But this is just ME. I'd never store anything too valueable on the pc.
    Just don't trust it, FW - back ups or not.


    @ noone_...that's how I believe too.
    I also believe in Layered pc protection. Like so many people here do - there's a thread or two - or 3 - 4 (?), about this. A FW and Anti- virus is of course not the only thing we should guard the computer with.
    I'm sure you know this though.
     
  24. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I did the opposite. I've put strict controls on internet access with Kerio and equally strict controls on processes with SSM. To this I added detailed content filtering with Proxomitron. With these in place, I've removed all AVs, ATs, antispyware, and all other signature based detection software. No need. I don't have any virtualization, sandboxing, or behavior blocking software either. Again, no need.
     
  25. Arup

    Arup Guest

    Been running behind a NAT router with Avira Premium and till now I haven't got infected. Of course I do practice safe surfing and from time to time, take a netstat reading to see if anything suspicious is going through. A good AV with well designed HIPS is all one needs behind a router, why slow down your traffic and have multiple pop ups to deal with, also firewalls, specially the paranoid ones put load on CPU and file sub system, unless one really surfs at the darker side of the net, its not really essential.
     
Loading...
Thread Status:
Not open for further replies.