What does a leak proof firewall get you?

Discussion in 'other firewalls' started by Diver, Nov 4, 2007.

Thread Status:
Not open for further replies.
  1. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    @Diver,
    NoScript can be configured to control plug-ins, so the window of vulnerability is reduced even more :)
     
  2. yeow

    yeow Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    225
    ermm, you're clued-in on pc security...imho you're not the average computer user...:D
     
  3. techsavy

    techsavy Registered Member

    Joined:
    Nov 10, 2007
    Posts:
    3
    It just makes it easier than having 15 different programs. You get inbound protection and outbound protection.

    There are at least a couple million who download music alone. Just think how many of them download only apps and stuff. Plus you can embed just about anything into any file these days.


    Antivirus and trojan detectors can't always catch the new ones. Maybe you didn't update your def file so your firewall will catch it.


    This is why they started doing HIPS. Your virus detectors can't catch it all. I know I don't want a separate application for HIPS and a separate application for inbound protection.

    Although you can turn off the HIPS in most firewalls if you feel so secure in your browsing and download habits. Although, another point: sometimes you don't even know you're downloading, like temp internet files from your browser can easily have injections and programs. There's no such thing as totally safe browsing unless you unplug your internet.


    Also, who worries about inbound protection these days? Maybe ten years ago when everyone was doing port scans and looking for open ports to telnet into. Now usually your crappy DSL router will stop attacks like that. You will be more commonly attacked by a backdoor than anything else.

    Average user will not be DOS'd or port scanned so good inbound is almost pointless.

    Your most common methods of intrusion now will be
    Attack by email
    Attachments
    Attack by deception
    Attack by webpage
    Attack of the worms (usually done by email also)
    Malicious macros
    Instant messaging, IRC and P2P file-sharing networks
    Spyware
    Viruses
     
  4. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Good to hear that the average user will not be DOS'd or port scanned, but does this make inbound protection almost pointless?

    Most common methods?

    (1) Attack by email
    (2) attachments - really just (1) again ?
    (3) attacks by deception
    (4) attack by web page
    (5) Instant messaging

    The others you cite are not methods but the nasties. 1, 2, 3 can be stopped almost exclusively by the user using a little common sense. Not sure what is meant by attack by web page? If scripts are involved then Firefox and NoScript might be the answer. As for 5, just don't use it.
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    May I ask as to which type of DOS you refer to? (or do you refer to any type of DOS?)
    Port scans are made in various ways, using various methods. Do you really believe home users are not scanned?
     
  6. techsavy

    techsavy Registered Member

    Joined:
    Nov 10, 2007
    Posts:
    3
    Well, I can't say it's pointless. We need it to close ports and stealth ports.

    What I am saying is we don't need super advanced inbound protection. The basic closing and stealthing of ports is enough to stop script kiddies and port scans. (A script kiddie is someone who takes advantage of well known exploits.) In short, even the crappiest firewall has enough inbound protection to protect your porn files.



    Stem: by dos'd I mean a denial of service flood attack. Very unlikely to get hit with these for an average user. Websites and big companies take the brunt of these types of attacks to shut them down for a certain amount of time.
     
  7. warlord2000ad

    warlord2000ad Registered Member

    Joined:
    Nov 10, 2007
    Posts:
    11
    I would rather invest money in educating the users than improving the firewall.

    I tend to find a lot of people get infected by not being educated in these "nasty" aspects of the internet. You will always be chasing a dream, as once one bit of software is made to prevent it, another is made to circumvent it.

    Obviously it's worthwhile even for more expert users to have protection, anti-virus, firewall, anti-malware etc., but I do reckon by my experiences knowing what to click, what to avoid etc. does help. The only virus that made it onto my PC is one my dad got from an email many years ago; if I was there I would have told the old bugger not to have clicked it. Although I've caught a bad bit of malware once before that must have got through an exploit, one of many in Windows, as I never accepted it.
     
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    A "Flood" can be, and is, aimed at home users. This can be a few hundred spoofed TCP packets aimed at the TCP/IP stack. This can be avoided (for TCP SYN flood) by having a control on the half open connections allowed. Is this the job of a firewall? Yes, I believe it is.

    The "floods" we see against servers etc. are usually an attempt to take all of the server's bandwidth, and are usually a continuous attack, as we have seen before where servers can be down for days. Can this type of flooding be blocked? No, as it is an attack on available bandwidth.
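
An added illustration of the "control on the half open connections allowed" described in the post above (not part of the thread and not any firewall's actual code): a table that caps pending TCP handshakes and ages them out, run over constructed traffic. The class name, the limit of 64 and the 3-second timeout are assumptions chosen for the example.

```python
from collections import OrderedDict

class HalfOpenTable:
    """Tracks handshakes that have sent SYN but not yet the final ACK."""
    def __init__(self, max_half_open=64, timeout=3.0):
        self.max_half_open = max_half_open  # assumed cap on pending handshakes
        self.timeout = timeout              # assumed seconds before an entry is reaped
        self.pending = OrderedDict()        # (src_ip, src_port) -> time SYN was seen
        self.established = set()
        self.dropped = 0

    def _reap(self, now):
        # Entries are kept in arrival order, so expired ones sit at the front.
        while self.pending:
            key, seen = next(iter(self.pending.items()))
            if now - seen < self.timeout:
                break
            del self.pending[key]

    def on_syn(self, now, src):
        self._reap(now)
        if src in self.pending:
            return True                     # retransmitted SYN, already tracked
        if len(self.pending) >= self.max_half_open:
            self.dropped += 1               # table full: refuse to allocate state
            return False
        self.pending[src] = now
        return True

    def on_ack(self, now, src):
        self._reap(now)
        if self.pending.pop(src, None) is None:
            return False                    # ACK without a tracked SYN
        self.established.add(src)
        return True

def simulate():
    table = HalfOpenTable()
    # Constructed traffic: 300 SYNs from spoofed sources in 0.3 s, none ever ACKs.
    for i in range(300):
        table.on_syn(i * 0.001, (f"198.51.100.{i % 250 + 1}", 1024 + i))
    peak, flood_dropped = len(table.pending), table.dropped
    client = ("192.0.2.10", 40000)          # constructed legitimate client
    during = table.on_syn(0.5, client)      # arrives while the table is full
    after = table.on_syn(4.0, client)       # retries once stale entries expired
    done = table.on_ack(4.05, client)
    return peak, flood_dropped, during, after, done

if __name__ == "__main__":
    print(simulate())
```

The cap keeps the state held for unfinished handshakes bounded at 64 entries however many spoofed SYNs arrive, but the legitimate client is also refused while the table is full and only gets through after the stale entries time out.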
     
  9. techsavy

    techsavy Registered Member

    Joined:
    Nov 10, 2007
    Posts:
    3

    How often is that the case? Not even an issue for most average users. Maybe if you use IRC chat and piss off a script kiddie. Point is still that SIMPLE inbound protection, i.e. blocking flooding and port scanning, is plenty enough for the average joe. Actually my router is good enough for crap like that. I'm more worried about trojans and other exploits. But as others said, if you know what not to click and have Firefox with NoScript (everyone should get this awesome plugin) / Anti Virus / Trojan defense you should be fine.
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Quite a lot.
    What would you class as "an average user"? A user who only uses a browser, a user who uses P2P, or uses a game host? Or what?

    I don't just look at my own setup. I look at quite a large user base and give support. Due to this, I am given access to many users' firewall logs and HIPS reports.
     
  11. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    You are, unfortunately, wasting your breath. Too many will always see a new and improved security program as their salvation in much the same way as a drunk sees another drink as the way to solve his problems when in fact all he has to do is stop drinking and learn how to think for himself.
     
  12. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    If the robber is in your house - it's much too late. I am doubtful that if they get in, any firewall will keep things from leaving. The firewall paranoia is incredible and a psychological study in itself. The key is to keep invaders from getting in. The extra protection, layered defense, etc. is all nonsense in my view. I use Windows XP firewall and NOD32. They have never gotten in so I could care less about leaks.
     
  13. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    It doesn't have to be nonsense, but it has certainly been extended to a level of ridiculous in many (most?) cases that I see these days, particularly when it's protection against hypothetical scenarios hatched in a vigorous session of intellectual self abuse....
    A firewall, when I use one, is about controlling access to quite valid programs that I've installed, no more, no less - and this can be a very useful function.

    Blue
     
  14. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Yes, it would be better if it was stopped by a door or a guard. But do you mean you have to just sit quiet in case a robber has got in your house?! :)
     
  15. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    Yes it is ridiculous and more. Many posters have six or seven anti-malware programs of various genres to protect themselves against some perceived hypothetical threat(s). More is not necessarily better, and the firms selling this stuff to paranoid users love the paranoia - it puts a lot of money in their pockets.
     
  16. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    That's great for you, and you don't need to care. But for those who share a computer or network, their admins sure do care.
     
  17. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    My trading room operation (hedge fund) has a network with 127 boxes, never had a problem there either.
     
  18. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I agree with that 100%. Once you start scaling back on all those security apps, the noticeable improvement in the PC's performance is unbelievable.
     
  19. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    Indeed. I even discovered that the lowly Google Desktop search program was slowing down my own laptop and making Excel slower than molasses. You can take an older box without all the added "protection" and it will just about perform like a dual core with 4mb of ram that is loaded with various "security" programs.
     
  20. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,

    Actually, for most networks, the outbound protection is one of the least important things. Work environments must be transparent - and that cannot be achieved with firewalls asking you questions.

    The simplest way to avoid leaks - don't install crap. Period.

    Mrk
     
  21. warlord2000ad

    warlord2000ad Registered Member

    Joined:
    Nov 10, 2007
    Posts:
    11
    Sadly it's true.

    Maybe if we license people to use the internet, :ouch:

    Kidding
     
  22. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    In my case I was referring to my teenagers. Most of my security (HIPS/FW) is dedicated to protecting the PC from them. They can't differentiate a jpeg from an exe, supposedly. Without them I only need an on-demand AV. When referring to admins, I was referring to admin accounts for home PC/network. (Sry for misunderstanding.)
     
  23. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Hello, 19monty64,

    I'm curious why you weren't able to teach them the basics of computing as they were growing up. Your situation seems ideal: a knowledgeable computer user training his children to become safe users.

    ----
    rich
     
  24. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,
    No worries!
    Cheers,
    Mrk
     
  25. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Teenagers are impossible when it comes to computer security. Why should something like that be acceptable to a teenager when nothing else is? Anyone who thinks otherwise never was the parent of a teenager. Every machine that I have cleaned up belonged to a teenager.

    By the way, after reflecting on this thread and the recent India Times story, I decided to add Threatfire to Comodo 2.4 and my AV flavor of the month. However, I consider the malware detection job to be about 65% AV, 25% Threatfire and 10% outbound filtering. (I consider inbound filtering to be of a different category.)
     