Software firewalls worth it?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

PK-her0

Thread Starter
Joined
Sep 17, 2007
Messages
1,553
just wondering what you guys thought of software firewalls...
is it worth it
i installed zone alarm once...it basically crashed my machine
and it was a real annoyance.

whats komodo like?

any input appreciated...
 
Joined
Oct 3, 2007
Messages
7,889
In XP, Vista and W7, the built in firewalls are very good, the only thing they don't do is monitor outbound connections made by programs.

.
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,172
Personally, the built-in Windows firewall works fine for me.

COMODO firewall gets good ratings, but I've personally never used it.

If I work on a computer and find ZoneAlarm installed, I usually convince the owner to get rid of it.

----------------------------------------------------------------
 

valis

Moderator
Joined
Sep 24, 2004
Messages
78,172
I used ZA for about 4 years until W7 came out.......after that, their firewall was far more granular than ZA's, and far more tweakable. That said, I operate a vpn behind a router, so I've got the double layer protection.
 

Stoner

Banned
Joined
Oct 26, 2002
Messages
44,931
I'm behind a NAT router with Online Armor as a software firewall.
 

valis

Moderator
Joined
Sep 24, 2004
Messages
78,172
just can't do things half-way, now, can ya stoner? :)
 

perfume

Banned
Joined
Sep 12, 2008
Messages
2,011
Dear PK-her0,
Let there be no ambiguity about this:

1)Yours/mine, MS default firewall and ROUTER protect you/us from inbound attacks.

2) A stand-alone or a bundled one in a security suite protect you/me from outbound attacks!

Reference: http://www.wilderssecurity.com/showthread.php?t=158786

A) I ran two tests using the grc's "leak test"--A) my KIS2010 firewall turned off, XP PRO firewall turned on, Obviously meaning ,behind the router only the default Windows firewall is working!) Kindly see the thumbnail--2.

B) KIS2010 firewall turned on and XP Pro Firewall turned off!(Here, behind the same router,only the software firewall in KIS is on)Kindly see the thumbnail--1.

Though there are many more rigourous tests in both Matousec and grc, i thought ,as a demo this would suffice!

The tendency to depend on versions prior to Windows 7 ( i don't know a thing about Win. 7's firewall!) is possibly playing with a Panther(the one cat in it's class which is near impossible to completely tame);)! May not live to tell the tale/tail:eek:
 

Attachments

Stoner

Banned
Joined
Oct 26, 2002
Messages
44,931
just can't do things half-way, now, can ya stoner? :)
:D

One of these days I'm going to get around to setting up something like Smoothwall or IPCop on a spare computer.
('One of these days'.....I don't know how many times I've said that ...:D...)
 

jiml8

Guest
Joined
Jul 2, 2005
Messages
2,634
I have just deployed Win7 Pro in a VMware virtual machine hosted by my Linux workstation.

This is the first new Windows deployment I've done in about 8 years; I have been doing Windows development in my Win2000 virtual machine and had an XP laptop I used for testing on that OS. I skipped vista altogether.

After deploying Win7, my first action was to turn off the Windows firewall and install zone alarm - which still serves me well on XP and 2000.

ZA displayed some interaction with the power management service (which resulted, curiously enough, in problems with my virtual LAN environment between Win7 and my various Win2K virtual machines), AND it failed totally to block microsoft components from talking on the internet. I blocked those microsoft components using iptables in Linux (one advantage of a virtual machine) and began investigating.

I finally uninstalled ZA and installed Online Armor. OA was too liberal in its default definitions of what programs to allow, but it could be configured and trained - and it did indeed successfully block the various microsoft components after I figured out how to make it do that.

I continue to block a lot of stuff using iptables, and I'm continually monitoring the network connection to identify more things I need to block, but right now that is more precautionary than anything else; I do seem to have the situation under control. Online Armor is coming into line with what I require in terms of what it allows and what it blocks, and I am having it log everything IT does so that I know what it has decided.

I guess that now I have to rate Zone Alarm as an "avoid". In the day, it was the best of the firewalls, but I guess things change and the version that runs on Win7 does an extremely poor job.

While researching this, I did learn that the windows firewall in win7 can be configured to block outbound connections, but I found the mechanism to do this to be obscure. Also, I tend to not trust microsoft. Further, I have always followed the pattern of having my security mechanisms be third party because getting as far as possible outside of the microsoft monoculture is in and of itself a security enhancement.
 

tomdkat

Retired Trusted Advisor
Joined
May 6, 2006
Messages
7,148
Dear PK-her0,
Let there be no ambiguity about this:

1)Yours/mine, MS default firewall and ROUTER protect you/us from inbound attacks.
I used to think this same way, until this happened.

It appears something similar has happened to my dad except he's running a Comodo firewall (now) and I haven't been able to track down the source IP address Comodo reported.

Peace...
 
Joined
Sep 21, 2007
Messages
13,722
If you have Vista or Windows 7, the built in firewall does outbound blocking, if you turn that feature on. However, both versions of windows do not do a good job of assisting you in specifying which program executables to allow outbound. For example, to allow Internet Explorer to ask for web pages, you have to Allow the executable Iexplore.exe outbound. You also have to allow some services like Windows Update and Windows Time to reach out. Also, you have to allow some part of your antivirus to reach out and fetch definition updates. There are quite possibly other windows things that needs outbound access, but I have so far allow those mentioned above, and I am quite content to let the rest bang at the firewall.

Comodo is a pretty well rated software firewall, but I don't personally like it. And that is because it has its own whitelist of programs which it considers ok to allow outbound - and that list is not available for viewing. So you have to trust Comodo on what it decides is ok. Comodo also has a host intrusion detection component called Defence+. I believe it monitors the registry, and prevents nasties from changing/adding things to it. It is a good thing to have.

You asked if a software firewall is worth it. Yes, I think so. Especially those that can pass 'leak tests'. Viruses, botnet software sometimes leverage other legit software to call home to their master. A good software firewall is able to block these from doing so. So, it is another layer of defence in case your antivirus/antimalware program fails to detect them. No antivirus software can protect you 100%, as there are so many new nasties being born every day, so having multiple layers of defence is important.
 

perfume

Banned
Joined
Sep 12, 2008
Messages
2,011
I used to think this same way, until this happened.

It appears something similar has happened to my dad except he's running a Comodo firewall (now) and I haven't been able to track down the source IP address Comodo reported.

Peace...
Dear tomdkat,
Kindly "enable" the "ICF"(short for Internet Connection Firewall). How to do it? Site : http://technet.microsoft.com/en-us/library/bb456986.aspx

How does ICF work? Site : http://www.microsoft.com/resources/...roddocs/en-us/hnw_understanding_firewall.mspx

I have read a Microsoft article that mentions "certain firewalls do monitor both in-bound and out-bound traffic". The cited examples were Norton and ZA. When i had the KIS 2009 ,it definitely was monitoring the in-bound traffic (similar to yours) with an I.P address with the message"possibly the ip add. is spoofed! When i managed to write down the protocol, most of them were from China! The routine routers monitor traffic only up to level 4! Any Malware which enters above that level escapes detection and blockade! Ever since i've installed KIS 2010, the "intrusions" have stopped!:)(y)

In this Wiki article, i have culled what it means by levels one to seven! Site : http://en.wikipedia.org/wiki/OSI_model

Excerpt " The Open System Interconnection Reference Model (OSI Reference Model or OSI Model) is an abstract description for layered communications and computer network protocol design. It was developed as part of the Open Systems Interconnection (OSI) initiative.[1] In its most basic form, it divides network architecture into seven layers which, from top to bottom, are the 7) Application, 6)Presentation, 5) Session, 4) Transport, 3)Network, 2) Data Link and finally 1) Physical layers.It is therefore often referred to as the OSI Seven Layer Model.":cool:

Dear valis,
Please note, ICF also protects a single computer connected to the Internet. You should not enable ICF on VPN connections because it will interfere with the operation of file sharing and other VPN functions. (courtesy the above MS article).:eek:

Dear tomdkat,
Your query really was top-notch! If (strictly speaking), the Windows Firewall and the ICF have a specific dedicated function and the third party firewall has it's own function, is it not correct to have, all of them active, instead of switching "OFF" the default Win.Firewall (however strong or weak it may be!) ? Now we have the added advantage of the Internet Connection Firewall to bolster the Windows Firewall!:rolleyes:
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top