Should i use software firewall?

Discussion in 'other firewalls' started by runoades, Mar 16, 2009.

Thread Status:
Not open for further replies.
  1. runoades

    runoades Guest

    Hello.

    I am behind of NAT/SPI Router so should i use software firewall? If your answer is "yes" why? and which firewall i have to use.

    My new protection - testing for now-

    OS
    Xp Pro. Sp3 - Original licence.
    Limited user account working

    Realtime
    Avast Home Edition 4.8
    ThreatFire Free

    On-demand
    a-squared Free
    SUPERAntiSpyware Free
    Malwarebytes' Anti-Malware Free
    FREE Dr.Web CureIt!

    Other
    Firefox 3.0.7 (adblock + keyscrambler + WOT) - daily surfing.
    IE 7 (WOT + keyscrambler) - banking and shopping only.
    CCleaner using - before when i close my computer.
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    My opinion is that the basic windows xp firewall will keep you safe enough, with a rude attempt to let you know somethign is trying to be a host. Whether you need a firewall though is really hinged on your trust level of what you have installed and what you will install, desired or not.

    If like I, you trust all your apps and know them well, and never let a new app onto your real OS without first testing it and seeing what it may be doing, then why would you need to be told by a firewall what you already know is happening?

    On the other hand, should there ever arise the possiblity of something being installed without your knowledge or a truste app being hijacked, you may not know it without a firewall telling you about it.

    Personally, I use xp firewall, but I rely on ipsec with basic outbound port restrictions to do most of it. For example, I only allow outbound port 53 dns to my 3 dns server addresses. It may not be a kill all, but it will stop apps that have a dns address coded in them to use. I also only allow outbound ports 80,8080,443 and some others. This does not again be a kill all, but it does reduce the odd chance of other things happening.

    Sul.
     
  3. YODA

    YODA Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    100
    To make it simple, Yes. Software firewall should be employed on every computer for the security of outbound protection. Even with the router(only inbound protection), it is not enough. I would probably suggest a firewall with HIPS, such as comodo or online armor but more importantly something that works in conjunction with your other security programs. BTW, i'm not sure how compatible those firewall's HIPS work with threatfire. Maybe someone else can put some more insight on this.
     
  4. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    no u dont need a software firewall if u got a router, why do u need to have outbound protection if u dont get any infections? if i were u, focus on not getting infected in the first place instead of trying to control the information it sends out. cuz if uve been infected, idc what software FW u use, you are sill compromised. just keep windows FW on and you will be just fine.
     
  5. runoades

    runoades Guest

    Two different answers so i am confused o_O i am waiting other member' posts for final decision.
     
  6. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,780
    You would only want a software firewall if you were very concerned about outbound traffic getting out without your knowledge. I would think since you're using a decent AV, and Threatfire, you'd be covered pretty well, and would not need one. But again, it depends on you, your internet habits, and your concerns. Personally speaking, I dumped software firewalls the minute I bought my router, over 3 years ago.... but it's a personal choice.
     
  7. YODA

    YODA Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    100
    Who's to say your computer won't be infected? No AV is 100% secure. Yes there are ways to minimize your risk, but if you computer is clean what does it matter? If your infected and if don't know your screwed, and if data is coming out of your machine your screwed twice, why have less protection? It's the reason why software firewalls were made to have two direction of protection or else they would of just made them with only inbound. Second i wouldn't use windows firewall, if you look around its one of the worst firewalls.
     
  8. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    thats ur opinion i guess, but not a single infection with me and no software FW, and lol im kinda risky surfer :D if malware really wants to, it will find a way to transmit data im sure, and as u said no AV is 100%, no FW is 100% either to catch all outbound, 99.999999% of the time ull be answering the same repetetive non malicious questions from the FW to allow. as i said, focus on keeping infections out rather than trying to keep them in once theyre their. if u got a nasty enough infection, will a software FW save ur comp from being unbootable cuz of serious malware? no..... if u have a bad enough infection, who says it wont just disable ur FW, and boom what a waste.

    Now if u make sure to PREVENT the malware getting in, in the first place, then ull never have any of those worries. IMO just focus on prevention, not trying to jail the malware onto ur system once its there. For prevention im not talking about an AV either, AV is good, but threatfire would be more prevention in ur setup, u culd add maybe Defensewall or something to add to the prevention layer, etc.
     
  9. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    I have a router and I use a software firewall too.
    My reasoning is that it adds another layer of protection.

    Which firewall should you use?
    That's difficult to answer.
    From the list of programs that you posted I'm guessing that you would want freeware.
    Online Armor free or PCTools Firewall Plus free are two firewalls that I like and they are easy to use.

    http://www.tallemu.com/free-firewall-protection-software.html


    http://www.pctools.com/firewall/

    Hope that helps you.
     
  10. progress

    progress Guest

    I agree with both, but if you ever notice the outbound protection it is too late :( The system has been infected ...
     
  11. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Exactly my point
     
  12. stratoc

    stratoc Guest

  13. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Interesting... It's something I've come across with sometime ago.

    I personally enjoy much more, along side with software firewall, a home made firewall, instead a router.

    But, getting back on that document, if we can call it that way, isn't a router a piece of hardware with a software firewall on it, to control inbound traffic?

    From that perspective, would a router provide any additional security, if turning off the services?

    I mean, who ever wrote that piece of text, claims that personal firewalls, and I'll assume that's what he/she had in mind, simply suck.

    Well, a router also sucks, even greater. Why? Only inbound protection. But, then, we could say that even this protection isn't needed if we turn off services.

    Then, it is suggested for people to create their own firewall, using for the effect Linux, FreeBSD or OpenBSD.

    Right, most people don't even know how to deal with Windows very well, and they've used since ever, even less one of those, even if just for setting up a firewall.

    But, then again, wouldn't this be useless as well, considering that all people would have to do is disable services?
     
  14. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    This article makes a lot of wrong assumptions and I wouldn't consider it exactly a definitive source of information about firewalls. If you want more details about what I mean, please tell me and I will elaborate.

    As for closing services... In some situations, it is a good idea. If there is no open port on a computer, there is almost no probability of a network attack. From this point of view, a router or a firewall with inbound protection will be useless. However, take into account the fact that it's not always possible to close all services that listen to a certain port, so a firewall or a router are the only possibilities for protecting the computer from an inbound attack.
     
  15. stratoc

    stratoc Guest

    i don't understand firewalls, or claim to. i know i didn't use one (and don't now despite my signature) and they have only ever caused grief to me, pc used for online gaming mainly, in the 4 months out of many many years i feel the resource and pop ups and unessesary blocking outways what they do, if indeed they do anything.
     
  16. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    Agree but for a less knowlegeable user, it may be the only way to find out that he/she is infected.:doubt:
     
  17. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    yes that might be tru for some people, but im just reinforcing, if uve already been infected, no software FW is gunna do anything to help you in the end. ur already compromised :doubt: just keep the frontline preventetive defences strong and you will be perfectly fine + u'll have less grief which software FW's usually cause.

    and router's are more effective because they are seperated from ur windows operating system and are a protection before of the network stack in windows which means they can intercept and attack much earlier, unlike personal software firewalls, and since they are a completely seperate piece of hardware, they are almsot never directly targetted and the traffic HAS to move through the router's firewall where software firewalls can be disabled or bypassed.
     
    Last edited: Mar 17, 2009
  18. agagouga

    agagouga Registered Member

    Joined:
    May 21, 2008
    Posts:
    26
    Until you decide if you need software f/w or not (my suggestion is yes! yes!:D ) , you can go to your threatfire at custom rules and activate
    the rule about outbound control (don't remember exactly as i don't have it anymore). Then stop/start threatfire. After this, every application that tries to connect to internet will produce a threatfire pop-up, so if you agree you create a remember rule :thumb:
     
  19. stratoc

    stratoc Guest

    another thought i have always had. If a nasty has got passed everything and is phoning home, i would really doubt if a non technical person would know, it's hardly going to say "a trojan is trying to connect to..." these programs are written very well (unfortunatly) i just cant see a firewall doing anything, i suppose the hips ones would help, but you don't need a firewall to have hips of course.
     
  20. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    thats very tru
     
  21. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    @Runoades

    Like I said initially, and all the posts since have only proved the point. IF you are knowledgable and TRUST the software on your computer, and feel SAFE from possible infections etc, then there is no need.

    IF you are the type who HAS to know what is leaving your computer, then use one that monitors applications.

    If you were to get compromised, a firewall can give you some indication. But too late at that point.

    Many prefer a HIPS/Firewall combo approach, or some method thereof, to ensure all is safe. If you don't mind investing the time and gaining experience to KNOWLEDGABLY know how to answer all the prompts, then go for it.

    Bottom line, a firewall comes in two flavors. Application aware and application unaware. IMO both to be used properly require some amount of knowledge as to what is going on.

    All software firewall users need to ask themselves a very simple question. If you use a firewall to restrict for example IE, and allow it outbound on port 80, how do you know it is infected unless you have told it only to go to ip a.b.c.d. A firewall, unless very tightly restricting application such as IE, can not tell you it is going to BadSite.com the way most people set the rules up. You would need a HIPS sort of portion with it.

    At that point IMO it is no longer a firewall, but an internet security suite.

    Which is the OP asking for? A firewall, or a suite? Lot's of questions but only the answers can come from the OP.

    Sul.

    EDIT: I dont' know about others here, but I would rather have an app like 'Little Snitch' that simply informs me of a network access attempt, and then allow or deny. That would be enough for me.
     
    Last edited: Mar 17, 2009
  22. nomarjr3

    nomarjr3 Registered Member

    Joined:
    Jul 31, 2007
    Posts:
    502
    I don't use a NAT router, so all the inbound/outbound filtering that goes through my computer is managed by a software firewall.
    With the right configurations, a firewall w/ HIPS is enough to keep you secure when surfing the web, as long as you know the decisions you have to take when occasional pop-ups occur.

    I run CIS Firewall and Defense+ with ThreatFire, and so far I have NO compatibility issues whatsoever.
    ThreatFire is a behavior blocker and not a HIPS, so it doesn't conflict with Defense+.
     
  23. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    This is not true. Even if you are infected, a personal firewall might help you see what happens. It might even stop spreading an infection from your computer to other computers on your LAN (if you are part of one). An important part of malware do not try anything special to connect out, contrary to what leaktest writers/fans will tell you. (Don't get me wrong, if you are infected by a clever piece of malware, personal firewall might not be capable of stopping it from spreading).

    100% true for incoming attacks, not true for outgoing. A router can stop all incoming attacks, but it will have a hard time stopping attacks originating from your computer, and that happens exactly because the router is separated from your machine, and the packet ownership information is lost.
     
  24. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    yes a FW will protect outbound, but only things i dont like about them are

    a) can be bypassed/disabled by malware
    b) can cause a lot of grief
    c) if ur already infected and compromised, u cant trust anything on ur system, already too late, FW will just contain then infection (so it might be somewhat helpful in a LAN)
    d) why worry about keeping an infection in when u culd have stopped it from the start? find me a single person who thinks that isnt true...

    im telling TS, focus on prevention, try out something like GesWall or Defensewall and you will NEVER have a need to worry about a FW, i can assure u that, i believe GesWall even has outbound protection as does Threatfire if u configure it right, so there u go, no need for a software FW anyways.
     
  25. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Is not a firewall's task to prevent a system from becoming infected. That's a job for the antimalware industry and to those knowing what they do, HIPS (although malware tagging is still up to the antimalware industry).

    The same way an antivirus won't prevent hackers from getting in your system.

    So, a firewall will never stop an infection from happening, in the first place.


    I'll give you an example. Not so long ago I experienced something really odd. The Internet connection of a relative, besides connecting to his ISP's DNS servers IPs, was connecting to a third IP.

    This IP clearly wasn't part of the needed connections. Not even related to the ISP.

    Most likely this was the result a botnet.

    If weren't for the firewall alerting for that connection, then, my relative would never know about it.

    Of course, it was blocked since day one. I then applied a policy to only allow connections trusted, as those needed by the antivirus, etc. Anything else, simply blocked.

    It's true that the firewall, itself, didn't stop the botnet, in the first place, but, it helped mitigate the end result. That's what I hope from a firewall. Not to be the one and only solution, but part of it.

    So, personal firewalls are useful. They're part of a layered security. Just like an antivirus is, even missing a lot malware.

    Now, would a router give such warning? No. Would my relative ever know something was wrong? No.
     
Loading...
Thread Status:
Not open for further replies.