Should i use software firewall?

Hello.

I'm behind a NAT router with hardware firewall so should i use software firewall? if yes. why? and which one should i use?

Dual OS
XP Pro Sp3 + Lubuntu

Regards Draghoneoxpar.

 

Yes (using XP firewall), if you get a worm on a PC that could spread over your network it would help mitigate it depending on your network setup. If you want outbound control, you will need a 3rd party as XP firewall doesn't have it.

 

If you do a search here, there are some posts about.

 

A router gives splendid protection for incoming connections, but not for outgoing connections.

Most malware infections are very inconvenient, but the *worst* that can happen is you have to restore your system disk image (you DO make weekly images, right?) or (if no image is available) reinstall your OS & programs etc --- bloody inconvenient but not the end of the world.

The really really BIG threat is if a keylogger or screenshot stealer or clipboard grabber gets loose inside your computer. Once your personal data gets stolen & communicated to the bad guys, they are free to rape, plunder, & pillage at will.

A good way to emasculate keyloggers & their ilk is to CLOSELY control outgoing connections. Even if a keylogger steals your private data, it is useless to the bad guys if that information cannot be communicated to them.

And there you have the singularly best reason (IMO) why a software firewall is absolutely essential -- namely, to control outgoing connections.

Good choices include but are not limited to: Kerio2.1.5 & Private Firewall -- both are free. Kerio works with XP. PFW works with all Win versions.

 

I mention PFW because it is good & light & free & time-tested & gives excellent broad-spectrum protection. Recent PFW threads are HERE & HERE & HERE.

Matousec tested an earlier version of PFW. Results HERE. Those are mainly leak tests. PFW did well then, & has improved since - BUT you mainly need outgoing connection protection, & leak-proofing isn't very relevant to that. PFW & Kerio -- either one -- will do a good job for you when it comes to outgoing monitorship & control.

 

The Auto mode (default) of Privatefirewall will allow outgoing AND incoming connection for all trusted applications without almost no user interaction.
It is a good firewall but most of it rules grant both incoming and outgoing access which most programs don't need, or at least if they need internet, outgoing would be enough.
The other main issue with Privatefirewall is NO IPv6 support, which means no Home Group on win7 and a very laggy LAN access.
Otherwise it is a very easy firewall to use under any circumstances.
What worries me is that there is no stealth mode, the firewall allows System access to NetBIOS and port 445 on the High (Internet) settings, a problem that I have discussed with their support.
I installed it on a clean computer with Win7 and it did NOT pass the Shields up test, a very basic test that even the windows firewall set on a Home profile can pass without issues.
It is upon the user to disable those rules to achieve full stealth status.
Other issue that I find is that for some programs, if you disable Internet access, the firewall will enable it back by itself, that is NOT good behavior.
The HIPS on the other hand is very good and comprehensive.