Should i use software firewall?

in ur case, did u relative even understand what that extra connection was? i doubt it if there an average user, most people wuld just go, ok im gunna allow this for no reason, and boom useless, now if ur relative had better preventetive measures in place, like defensewall or geswall or some sort of virtualization etc, then the botnet wuldnt be ther in the first place, thus leaving the FW to do nothing but waste resources and slow down ur traffic. and if the user is experienced, then they know well enough how to protect themselves without the need for a FW to jail the already ther infection into their system. the only real place i can see a FW even remotly useful is in a LAN, and thats if ur prevention fails.

and i never said a FW is to stop infection, i said it just bottles it into ur system (that is if it isnt bypassed/diasbled)

this discussion culd go back and forth forever, both sides will always say the other is wrong.

 

firzen711, i'm just wondering when you had avira security suite beta did you disable and not install the firewall?

 

i just chose to not install it during installation, and was only using the suite because during the beta they only had the suite.

 

I guess I'll throw in my 2cents.

I used to use Outpost Pro (still do on my laptops that travel) On my office / home boxes I do not use a FW. My approach is NAT / SPI & Hips for outbound.
In fact my new set-up has two routers. Actually the first one is really a Gateway that provides the static IP the second is a wireless router. I've found that for outbound protection a Hips is the answer. It allows as much or little control as you want.


...screamer

 

i agree, if u really want to have that extra control, use a HIPS, least that is preventetive AND will protect u on outbound

 

I don't disagree with you firzen771 about more prevention is needed over a firewall, and that is where the focus should be. I agree with you on that point. However, not every malware is going to disable your AV or FW or even disable your computer so that you can't use it. I believe not having "any" outbound control is a mistake even though its not 100% leakproof. Almost like saying why use a AV if its not 100% detectable. With a firewall all he would be loosing is some grief and a little speed, he'll gain more inbound/outbound control --having application/port rules more than a router or windows firewall--and include HIPS into his list of security programs.

 

Sorry, could u give a description of whats this picture is?HIPS?router?

 

It's Malware Defender. (HIPS)
A screenshot of the rules settings.

 

thanks lonewolf

 

Very good posts, but it still is all conjecture and preference. The OP wants to know if he/she should use a software firewall. I doubt anyone with much experience would say they are bad for the system. But also many have experience enough to stay problem free without one.

It still boils down to what kind of experience the user has, how much the user wants to be 'involved' with it, and how secure they feel thier system is or will be.

The points presented here certainly give good cause to either using one or not.

Personally, I tend to agree that a firewall in the hands of someone who knows how to use it can be beneficial, and in the hands of inexperienced, can be a learning tool. But I don't believe they are an end all to threats. A top notch firewall can be nuetered by a user the same as an average firewall can become top notch in an advanced users system.

Sul.

 

Sully, that pretty much sums it up.

...screamer

 

Yep, good post Sully.... that says it...

 

With great respect to all this matter is an ongoing "debate" that probably has no single answer that applies to all users! There is no one solution that fits all situations.

It is your call to make. FWIW, my view is with a solid router well set up that should cover issues with incoming packets with windows FW set up as described in one of Stems threads on "hardening" windows FW that would do it for those only concerned with incoming. The argument there is these users trust the appications on their PC's. They have faith and may be unconcerned about packets leaving their PC's for parts unknown. I don't share this faith. But this is well known here.

If you have concern about privacy in todays world and who doesn't then in my view you should have a SW FW that allows YOU to decide which applications should have access or not to the www. Just because they want access and ask for it doesn't mean user should tick yes sir "your wish is my command". I'm not suggesting you guys would do that just making a point.

If you do decide to install a 2 waySW FW there are many out there and lots of information about how they perform here at WSF and on the evaluation sites.

Pick one in the top tier usually about 5 on the list but that changes as the vendors jockey for rankings.

Install a Trial first before laying out $. See how the support is before buying.

Hope this helps.

 

if one feel like a freaking nerd that wants to know every move on his system a firewall will be a very usefull tool(teacher)but remember no infection "no conection"prevention is better than the cure,silence in a system is cool too
this will depend if you want more control of network connection and or learn about your system alitlethen install a software firewall(in/out)protection ,ok now that you are talking about if one needs a firewall for outbound or not,yestarday i was testing my security apps and guez what?i run the virus(new one)my antivirus didnt do nothing and my litle tool call Dynamic Security Agent jump and complaint for inbound activity,click allow to see what happens after then DSA complaints for outbound then block it and end of the story.
noteDSA is kind of hips with a firewall so i think even if i dont like firewalls i still can use them to complement with securitynow if you have a pure hips system or sandbox with sort of outbound protection with just your router/hardware firewall for inbound will be enough

 

Regarding DSA, tell me more about it please.

The vendor, link etc. Is it sort of a hybrid or mini suite like a FW + HIPS.

On the missed virus which AV are you running that missed it?

 

Here's a link: http://www.privacyware.com/dynamic_security_agent.html

 

This piqued my curiosity, could you give me some links for the articles that show its one of the worst firewalls? Not for application filtering but in actual packet filtering and all of course.

Cheers,

Alphalutra1

 

prevx missed it and the app that blocks it was DSA from www.privacyware.com
and it is a hips+firewall,it is very simple but powerfull

 

I bet 2 cents ThreatFire would actually catch that new virus of yours.

I'd the same experience with Prevx, but then it looked like the Real-Time protection had serious problems overall. New features and improvements are being developed for it though, so stay tuned.

 

Do you think that can comes out some conflit if I use DSA and a common firewall?

 

You're already overloaded with security, why add to it? You're running a router, LUA, an AV and behaviour blocker and several on demand scanners, as well as an alternative browser and privacy app in CCleaner. Seriously, you do not need a software firewall. You are very well protected and have all the bases covered.

 

I agree, I would also remove some On-Demand-Scanners

 

I wuldnt, ondemand scanners add nothint negative to a system, and can ensure ur PC is clean, dont see why ud suggest to not use them :/

 

Exactly, just use the reliable ones that don't add a useless process that's running in the background. Use respected and effective ones overall (e.g. SAS, MBAM and/or Dr. Web CureIT!).

 

no cause i uninstall prevx and tried it again and fail still