Why you don't need a firewall (article)

Discussion in 'other firewalls' started by MrBrian, Feb 16, 2014.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Last edited: Feb 16, 2014
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,078
    Last time I encountered worm that was spreading through vulnerable network port was Sasser in 2004. After that MS released Windows XP SP2 with FW enabled and that kind of attack on personal computers has more or less stopped. If we stop using them (FWs), those attacks would surely come back.

    hqsec
     
    Last edited: Feb 16, 2014
  3. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    By default there are no real opened ports. You do not need a firewall nor AV, but the point is, this article is not meant for the common folk, but for savvy users like on Wilders.
    Over the years, that I do not use a firewall, I can not really say, that I miss it. I spent hours, even days tweaking firewall rules to the max, now I see, that it was pointless.
     
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Vista and later use service hardening to mitigate the damage of attacks upon OS services.
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Comment from the author:
    I'm not going to turn off the built-in Windows 7 firewall though.
     
  6. SnowFlakes

    SnowFlakes Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    194
    I've said this earlier, i haven't use any firewall in 8 years and have never been hacked or any other issue with my laptop!!

    I've beeged to hackers to hack my pc and i even gave them my ip adress but still nothing happend. So of course people don't need a Firewall, maybe they need an AntiVirus but according to me NOT a firewall.
     
  7. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    How do you come to that conclusion? All of the NT versions of Windows have ports open. From Vista onwards, some of them can't be closed.
     
  8. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    The original Infoworld article describes inept or incompetent users who fail to write proper rules and don't properly troubleshoot or maintain a firewall. It also mispreresents several issues, ports 80 and 443 being prime examples. Obviously you can't block all of the traffic on those ports and still use a browser. If you don't run a server, you can block all unsolicited inbound connections.

    From a privacy perspective, software firewalls are more important than ever. A software firewall with good loopback control would have stopped the exploit that deanonymized TorBrowser users. Software firewalls are the only tools that can prevent individual apps from calling home.

    Hardware and software firewalls are only as good as the rules they enforce. Unless you're regularly adding more devices or adding services that require remote access, there isn't that much maintenance. The biggest problem with software firewalls is feature creep. The trend to turn firewalls into security suites and emphasizing those features has steered the users focus away from the firewalls original purpose. Writing effective firewall rules is becoming a lost art.
     
  9. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Are we talking about no outbound control, no custom configuration, or no firewall at all? There seems to be a confusion here.
     
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I believe the author was mostly referring to hardware firewalls that are found in businesses. He advocates using a router instead.

    Background info: Routers, Switches & Firewalls – Learn how they are different.
     
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,078
    In his first article, author talks about remote buffer overflows, so I guess he is talking about firewalls in general (inbound only, outbound, routers with FW...). He claims that system internal protections are enough and we can expose our system wide open to internet with no firewall whatsoever.

    hqsec
     
    Last edited: Feb 16, 2014
  12. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  13. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I can think of one more reason for a good Open Source network firewall. We've seen a growing list of modems and routers that are either backdoored, shipped with very vulnerable configurations, or are exploitable. A good firewall in front of a router can make it much harder to reach and compromise.
     
  14. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    494
    Tried such approach some years ago when i had no idea what a firewall is ,but i did know i needed an antivirus then.It was in the XP era ,that one that until SP2 always had high rates of infection.
    So the PC had that XP SP1

    The PC was used for gaming ,connected thru DSL, no hardware firewall in front.
    After every fresh installation ,with an AV installed and up to date it only needed an hour or something like that to get pop ups from the antivirus for worms and trojans.

    So in a few hours the system was practically fully compromised by known malware.
    Seeing the known message that the PC is shutting down was always guaranteed to happen so lssas worms were always getting in..

    This was a real PC not virtualised.This exact reason made look for firewalls and this exactly showed me that with a real firewall no AV is needed. :)

    So don t try using no firewall because you will get owned.
    You can live with no AV installed ,but without any kind of firewall is purely stupid.And as the OS offers a good one i see no reason not to use it.

    The firewall is the first and most important line of defence and only afterwards HIPS and AV come in.

    If you want to get owned don t use a firewall ,like the thread title suggests :).
     
  15. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,718
    Any modern consumer OS comes with an integrated firewall. At the very least, use it.
     
  16. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    As I said, they are not really opened, I can not really explain it technically, I hope, that someone smarter will. http://www.ulozisko.sk/obrazky/664488/capture_02192014_023247.jpg
    No, you will not get owned, it is just marketing, when everyone keep saying, if you go on the internet without any security you will be infected within seconds, a good joke.
    The reason not to use it is the same like for the AV, the performance impact or simply running an useless application in the background. I am just sick of even the idea of it.
     
  17. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    If you do not use an AV then what form of threat mitigation do you use to prevent becoming infected?
     
  18. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Only what I have in my signature, like a sandboxed browser, disabled Windows services, tasks, UAC at max. I call is a passive defense. I rely on Windows to protect me.
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Do you use Sandboxie for your browser, or do you use something else? Has UAC ever stopped a real threat that you know of?
     
  20. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    Elaborate please. Security can be anything from running full time av, anti-executable, firewall, fully or partially patched O/S or applications, HIPS, or how about running as a Standard user, etc...

    http://support.microsoft.com/kb/826955
     
  21. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    That link again?! It was an opened port in XP, I know about it, I was infected while I was still installing Windows, twice in a row. It is a history, MS learned its lesson.
    No 3rd party security application, that is my rule, only an inbuilt browser's sandboxing. No, UAC never stopped anything.
     
  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Do you do regular scans with Malwarebytes, Hitman Pro, or any other on-demand scanners?
     
  23. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    I used too, but then I stopped, I find it pointless, it is not like malware can so simply execute by itself, even if it is in PC already, unlikely what AV companies claim. There are a few dangerous cases like WMF exploits, but they are really rare, like once a few years and even that was exploited long before it went public, so AV would not help either.
     
  24. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    If you ever become infected you could go for a long period of time without knowing unless your PC is showing clear signs of being infected. I do not trust Windows that much. I deal with sensitive data, and can't afford to risk it.
     
  25. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Well, I do not use PC just for gaming, I have an internet banking, pay by credit cards and I shop online only.
    But do not take me wrong, I do not encourage people not to use any security, just saying, that it is possible.
     
Loading...
Thread Status:
Not open for further replies.