Software firewalls worth it?

Discussion in 'General Security' started by PK-her0, Apr 2, 2010.

Thread Status:
Not open for further replies.
  1. PK-her0

    PK-her0 Thread Starter

    Joined:
    Sep 17, 2007
    Messages:
    1,550
    Just wondering what you guys thought of software firewalls...
    Is it worth it?
    I installed ZoneAlarm once... it basically crashed my machine
    and it was a real annoyance.

    What's Comodo like?

    Any input appreciated...
     
  2. Mumbodog

    Mumbodog

    Joined:
    Oct 3, 2007
    Messages:
    7,889
    In XP, Vista and W7, the built-in firewalls are very good; the only thing they don't do is monitor outbound connections made by programs.

    .
     
  3. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,904
    First Name:
    Frank
    Personally, the built-in Windows firewall works fine for me.

    COMODO firewall gets good ratings, but I've personally never used it.

    If I work on a computer and find ZoneAlarm installed, I usually convince the owner to get rid of it.

    ----------------------------------------------------------------
     
  4. Noyb

    Noyb Trusted Advisor Spam Fighter

    Joined:
    May 25, 2005
    Messages:
    21,003
    First Name:
    Jay
  5. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,757
    I used ZA for about 4 years until W7 came out... after that, their firewall was far more granular than ZA's, and far more tweakable. That said, I operate a VPN behind a router, so I've got the double-layer protection.
     
  6. Stoner

    Stoner Banned

    Joined:
    Oct 26, 2002
    Messages:
    44,931
    I'm behind a NAT router with Online Armor as a software firewall.
     
  7. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,757
    just can't do things half-way, now, can ya stoner? :)
     
  8. perfume

    perfume Banned

    Joined:
    Sep 12, 2008
    Messages:
    2,011
    Dear PK-her0,
    Let there be no ambiguity about this:

    1) Yours/mine, MS default firewall and ROUTER protect you/us from inbound attacks.

    2) A stand-alone or a bundled one in a security suite protects you/me from outbound attacks!

    Reference: http://www.wilderssecurity.com/showthread.php?t=158786

    A) I ran two tests using GRC's "leak test" -- A) my KIS2010 firewall turned off, XP Pro firewall turned on (obviously meaning, behind the router only the default Windows firewall is working!). Kindly see the thumbnail--2.

    B) KIS2010 firewall turned on and XP Pro firewall turned off! (Here, behind the same router, only the software firewall in KIS is on.) Kindly see the thumbnail--1.

    Though there are many more rigorous tests in both Matousec and GRC, I thought, as a demo, this would suffice!

    The tendency to depend on versions prior to Windows 7 (I don't know a thing about Win. 7's firewall!) is possibly playing with a Panther (the one cat in its class which is near impossible to completely tame) ;)! May not live to tell the tale/tail :eek:
     

  9. Stoner

    Stoner Banned

    Joined:
    Oct 26, 2002
    Messages:
    44,931
    :D

    One of these days I'm going to get around to setting up something like Smoothwall or IPCop on a spare computer.
    ('One of these days'.....I don't know how many times I've said that ...:D...)
     
  10. jiml8

    jiml8 Guest

    Joined:
    Jul 2, 2005
    Messages:
    2,634
    I have just deployed Win7 Pro in a VMware virtual machine hosted by my Linux workstation.

    This is the first new Windows deployment I've done in about 8 years; I have been doing Windows development in my Win2000 virtual machine and had an XP laptop I used for testing on that OS. I skipped Vista altogether.

    After deploying Win7, my first action was to turn off the Windows firewall and install ZoneAlarm - which still serves me well on XP and 2000.

    ZA displayed some interaction with the power management service (which resulted, curiously enough, in problems with my virtual LAN environment between Win7 and my various Win2K virtual machines), AND it failed totally to block Microsoft components from talking on the internet. I blocked those Microsoft components using iptables in Linux (one advantage of a virtual machine) and began investigating.

    I finally uninstalled ZA and installed Online Armor. OA was too liberal in its default definitions of what programs to allow, but it could be configured and trained - and it did indeed successfully block the various Microsoft components after I figured out how to make it do that.

    I continue to block a lot of stuff using iptables, and I'm continually monitoring the network connection to identify more things I need to block, but right now that is more precautionary than anything else; I do seem to have the situation under control. Online Armor is coming into line with what I require in terms of what it allows and what it blocks, and I am having it log everything IT does so that I know what it has decided.

    I guess that now I have to rate Zone Alarm as an "avoid". In the day, it was the best of the firewalls, but I guess things change and the version that runs on Win7 does an extremely poor job.

    While researching this, I did learn that the Windows firewall in Win7 can be configured to block outbound connections, but I found the mechanism to do this to be obscure. Also, I tend to not trust Microsoft. Further, I have always followed the pattern of having my security mechanisms be third party because getting as far as possible outside of the Microsoft monoculture is in and of itself a security enhancement.
     
  11. TheChocolate

    TheChocolate

    Joined:
    Mar 28, 2010
    Messages:
    29
  12. tomdkat

    tomdkat Retired Trusted Advisor

    Joined:
    May 6, 2006
    Messages:
    7,148
    I used to think this same way, until this happened.

    It appears something similar has happened to my dad except he's running a Comodo firewall (now) and I haven't been able to track down the source IP address Comodo reported.

    Peace...
     
  13. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,876
    If you have Vista or Windows 7, the built-in firewall does outbound blocking, if you turn that feature on. However, both versions of Windows do not do a good job of assisting you in specifying which program executables to allow outbound. For example, to allow Internet Explorer to ask for web pages, you have to allow the executable Iexplore.exe outbound. You also have to allow some services like Windows Update and Windows Time to reach out. Also, you have to allow some part of your antivirus to reach out and fetch definition updates. There are quite possibly other Windows things that need outbound access, but I have so far allowed those mentioned above, and I am quite content to let the rest bang at the firewall.

    Comodo is a pretty well rated software firewall, but I don't personally like it. And that is because it has its own whitelist of programs which it considers OK to allow outbound - and that list is not available for viewing. So you have to trust Comodo on what it decides is OK. Comodo also has a host intrusion detection component called Defense+. I believe it monitors the registry, and prevents nasties from changing/adding things to it. It is a good thing to have.

    You asked if a software firewall is worth it. Yes, I think so. Especially those that can pass 'leak tests'. Viruses and botnet software sometimes leverage other legit software to call home to their master. A good software firewall is able to block these from doing so. So, it is another layer of defence in case your antivirus/antimalware program fails to detect them. No antivirus software can protect you 100%, as there are so many new nasties being born every day, so having multiple layers of defence is important.
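
The outbound allowlist described in the post above for the Vista/7 built-in firewall, written out as `netsh advfirewall` commands. This is an added example, not part of the original post; the rule names, the backup file name and the antivirus updater path are placeholders chosen for illustration.

```batch
@echo off
rem Added example: default-deny outbound on the Windows Vista/7 firewall,
rem allowing only the programs and services named in the post above.
rem Run from an elevated Command Prompt.

rem 1. Back up the current policy. Restore it later with:
rem      netsh advfirewall import "%USERPROFILE%\firewall-before.wfw"
netsh advfirewall export "%USERPROFILE%\firewall-before.wfw"

rem 2. Log dropped connections so anything else that needs outbound access
rem    shows up in %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log
netsh advfirewall set allprofiles logging droppedconnections enable

rem 3. Add the allow rules BEFORE switching the default, so nothing that is
rem    meant to work is cut off in between.

rem    Internet Explorer (on 64-bit Windows the 32-bit copy under
rem    "Program Files (x86)" needs its own rule)
netsh advfirewall firewall add rule name="Example - IE outbound" ^
    dir=out action=allow enable=yes ^
    program="%ProgramFiles%\Internet Explorer\iexplore.exe"

rem    Windows Update: scoped to the wuauserv service, not all of svchost.exe
netsh advfirewall firewall add rule name="Example - Windows Update outbound" ^
    dir=out action=allow enable=yes ^
    program="%SystemRoot%\System32\svchost.exe" service=wuauserv

rem    Windows Time: W32Time service, NTP only (UDP port 123)
netsh advfirewall firewall add rule name="Example - Windows Time outbound" ^
    dir=out action=allow enable=yes protocol=UDP remoteport=123 ^
    program="%SystemRoot%\System32\svchost.exe" service=W32Time

rem    Antivirus definition updates. PLACEHOLDER path: set it to the
rem    updater executable of the installed product.
set "AV_UPDATER=C:\Path\To\AvUpdater.exe"
if exist "%AV_UPDATER%" netsh advfirewall firewall add rule ^
    name="Example - AV updater outbound" dir=out action=allow enable=yes ^
    program="%AV_UPDATER%"

rem 4. Switch every profile to block outbound traffic that matches no rule.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 5. Show the resulting default policy and the outbound rules for review.
netsh advfirewall show allprofiles firewallpolicy
netsh advfirewall firewall show rule name=all dir=out
```

Entries with action DROP in pfirewall.log afterwards show what is still being blocked; each can be allowed with a further rule or left blocked.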
     
  14. perfume

    perfume Banned

    Joined:
    Sep 12, 2008
    Messages:
    2,011
    Dear tomdkat,
    Kindly "enable" the "ICF" (short for Internet Connection Firewall). How to do it? Site: http://technet.microsoft.com/en-us/library/bb456986.aspx

    How does ICF work? Site: http://www.microsoft.com/resources/...roddocs/en-us/hnw_understanding_firewall.mspx

    I have read a Microsoft article that mentions "certain firewalls do monitor both in-bound and out-bound traffic". The cited examples were Norton and ZA. When I had KIS 2009, it definitely was monitoring the in-bound traffic (similar to yours) with an IP address with the message "possibly the IP address is spoofed!" When I managed to write down the protocol, most of them were from China! The routine routers monitor traffic only up to level 4! Any malware which enters above that level escapes detection and blockade! Ever since I've installed KIS 2010, the "intrusions" have stopped! :)(y)

    In this Wiki article, I have culled what it means by levels one to seven! Site: http://en.wikipedia.org/wiki/OSI_model

    Excerpt: "The Open System Interconnection Reference Model (OSI Reference Model or OSI Model) is an abstract description for layered communications and computer network protocol design. It was developed as part of the Open Systems Interconnection (OSI) initiative.[1] In its most basic form, it divides network architecture into seven layers which, from top to bottom, are the 7) Application, 6) Presentation, 5) Session, 4) Transport, 3) Network, 2) Data Link and finally 1) Physical layers. It is therefore often referred to as the OSI Seven Layer Model." :cool:

    Dear valis,
    Please note, ICF also protects a single computer connected to the Internet. You should not enable ICF on VPN connections because it will interfere with the operation of file sharing and other VPN functions. (Courtesy the above MS article.) :eek:

    Dear tomdkat,
    Your query really was top-notch! If (strictly speaking) the Windows Firewall and the ICF have a specific dedicated function and the third-party firewall has its own function, is it not correct to have all of them active, instead of switching "OFF" the default Win. Firewall (however strong or weak it may be!)? Now we have the added advantage of the Internet Connection Firewall to bolster the Windows Firewall! :rolleyes:
     
  15. tomdkat

    tomdkat Retired Trusted Advisor

    Joined:
    May 6, 2006
    Messages:
    7,148
    I'm not sure why I would since the system already has a third-party firewall running. What still boggles my mind is how that inbound traffic made it through the router, in the first place.

    Peace...
     
Short URL to this thread: https://techguy.org/914353
