shambler
|
Question:
If you have a router with firewall, do you need a software firewall as well?
|
|
|
Logged
|
|
|
|
Tabun
Pixel Procrastinator
Team Member
Elite (3k+)
Posts: 3330
|
Software firewalls are laughable. Just set up a nice NAT-'protection', preferrably with the router set up to be a firewall aswell, and leave it at that. Software firewalls are only popular amongst so called 'home users' (ie. the kind that needs to be kept away from electronics at all times).
|
|
« Last Edit: 2006-04-03, 19:40 by Tabun »
|
Logged
|
| Tabun |
?Morituri Nolumus Mori? |
| |
|
|
|
Phoenix
|
Most software firewalls are more of an annoyance than actually useful. A NAT-enabled router, like Tab said, really is the best way to go on broadband.
Software firewalls aren't completely useless, nor are all software firewalls completely laughable. 8-signs is about the only software firewall I would recommend at this point because it gives you absolute control over what you're doing, as well as having a clean interface and advanced logging utilities. Of course, that also requires knowing what you're doing to operate this kind of firewall, as well as knowing how TCP/IP ports work. So-called firewalls like ZoneAlarm tend to give people a false sense of security while letting the most dangerous traffic through. The only good firewall is one that blocks EVERYTHING by default, and you pick explicitly what traffic you want to get through. That's why I like 8-signs. No software firewall is ever going to be perfect, but where you really need a good software firewall is if you're on a dialup connection since you're not behind a NAT. This may seem moot with everyone on broadband now, but should someone be out and about and have to use dialup from lack of an ethernet node, well, it's nice to have that protection. It's also nice if you're, say, using someone else's wireless node (in an internet cafe, for example). I won't touch wireless myself but if I had to I would damn well have a software firewall since there's nothing in the line of a NAT to protect a system on wireless from other systems on the same node. You're trusting whoever set up the node to have properly secured it - big mistake!
One other thing I will warn about with NAT-enabled routers. There is a port trick that's being used now to attempt access to machines, and that's utilizing port 0. Port 0 is not a standard port, but I've found you cannot tell the routers to block it using a ruleset, and they let the traffic right through to your machines. It may show stealth in a scan, but it may still be forwarding through the router. 8-signs picks it up and blocks it. That's how I found out about it is a person I know runs 8-signs (she's a bit paranoid) on top of the hardware firewall, and it was reporting the access attempts. Whether or not the operating system does something with that port is another question, but it's good to be aware of this. I've also found that a lot of routers are now allowing adaptive behavior with port 113. This is so IRC networks will let the "newbies" on that don't know how to open their ident port. You can't block it half the time, so you have to forward it to a non-existant LAN IP address if you want to stealth the port. I actually rolled back my firmware version because the newer firmware wasn't allowing me to blackhole the port using my ruleset.
If you think want to know if you're secure, I recommend visiting Shields Up and testing your ports.
|
|
|
Logged
|
I fly into the night, on wings of fire burning bright...
|
|
|
Moshman
|
I just use the damned Windows firewall. But ZoneAlarm is pretty decent if you need a 3rd party firewall.
|
|
|
Logged
|
|
|
|
Lopson
Elite
Posts: 1133
Still Going In Circles
|
MS Defender also works as a firewall in a way. Besides that, Windows firewall for me. Can't overload my PC with stuff in the startup, you know.
|
|
|
Logged
|
|
|
|
shambler
|
I have been using Norton 2003 since it came out, and have a netgear router. I've tried zonealarm, but it seemed to foul up a few games, so i swopped.
|
|
|
Logged
|
|
|
|
Lopson
Elite
Posts: 1133
Still Going In Circles
|
Zonealarm is nice, specially when working together with IMSecure. But still, Norton kicks the hell out of the rest.
|
|
|
Logged
|
|
|
|
Moshman
|
Norton... BARF! Pay money for what? The same thing that you can get for free? There is avast, MS anti-spyware... hundreds of programs for free, that work just as good, if not better, than Norton does. It was good in the days of Win 95/98/2000, but now has pretty much faded away from the computer security scene, especially since the rumors surrounding Norton for creating viruses themselves to keep their industry running.
|
|
|
Logged
|
|
|
|
shambler
|
Pay money for what? How would do that then? Apart from games, I once paid ?20 for paint shop pro 8. think thats my lot.
|
|
|
Logged
|
|
|
|
Phoenix
|
All piracy discussions aside, regardless of how you get your software I wouldn't make a product decision based solely on unsubstantiated rumors. Besides, nobody *needs* to create viruses or other malware to keep the antivirus/antispyware industry alive. There's enough crooks doing that as it is. I use Symmantec Antivirus Corporate, used to be called Norton, but it's basically the same thing. The corporate version is far superior to the home edition. It has a low memory footprint, catches damned near everything, and is not subject to their stupid subscription policies that the home use versions are. It works very well.
I wouldn't go for anything security related that's put out by Microsoft. Their record on security is laughable at best and criminal at worse. If you want to keep spyware out I recommend using Counterspy, Spybot, and Ad-Aware. If you don't want to pay for a Counterspy subscription I believe you can do manual updates. Definitely use Spybot and Ad-Aware, both free. You really shouldn't run more than one antivirus program as they tend to fight each other and bork things up, but using one good active protection antivirus program, one good active protection anti-spyware program, and doing occasional scans with more than one anti-spyware gives pretty good protection. I also recommend using Noscript and adblock for Mozilla. No java script except on trusted sites and removing most ads = much safer and more enjoyable surfing.
|
|
|
Logged
|
I fly into the night, on wings of fire burning bright...
|
|
|
Lopson
Elite
Posts: 1133
Still Going In Circles
|
I actually like the MS Defender, as I have said. It hunts down spyware quite well and it is a interesting firewall, a rare thing in the MS products. You should try it. Oh, and NoScript and Adblock are simply a must for all Firefox users. Blocks lots & lots of garbage & stops those malicious javascripts.
|
|
« Last Edit: 2006-04-05, 22:29 by [KruzadeR] »
|
Logged
|
|
|
|
Xypher
|
Firewall? Whats that? My NAT Router works just dandy!
|
|
|
Logged
|
|
|
|
|