LinkBack URL
About LinkBacksAt the moment, I just have my router, Windows 7 built-in firewall and my trusty NOD32.
Now, I am concerned if any hacker can try to ping my PC or try to access it. Will zonealarm stop this or do I even need it?
At the moment, I just have my router, Windows 7 built-in firewall and my trusty NOD32.
Now, I am concerned if any hacker can try to ping my PC or try to access it. Will zonealarm stop this or do I even need it?
Disable ICMP in your router. Your router will then not respond to ICMP (ping/trace route) packets. However, if ypyr router is using NAT, your PC will be invisible to the internet anyway, unless you have port forwarding enabled.
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
Zonealarm would protect you from hacks, yeah. Having said that, a router tends to block most simple attacks so you're not in that much danger. As long as you don't have any open ports you aren't really at that much risk imo.
At the end of the day, the more security layers you have in place the more secure you are (assuming you aren't dim enough to have multiple AV/firewalls running), so it depends where you want to draw the line and where you want to have your tradeoffs.
as has been already said, NAT, no ICMP & having a dynamic IP will all help. Never trusted software firewalls tbh anyway. A good router will have basic firewalling, but if you leave your PC on for long periods of time & you have a fixed IP, a dedicated hardware firewall, or firewall/router combo will give you peace of mind.
Having said that, in the defence of software firewalls, IF you ever get infected, god forbid, they should stop outbound suspicious traffic.
[
Originally Posted by Blitzen
In my experience software firewalls cause a lot more issues than they ever fix.
Keep your virus scanner up to date.
Keep your software patched.
Make sure your router's firewall is on.
Don't forward ports you don't need if you use NAT.
Don't run services/servers on your boxen that aren't necessary.
PHP Code:$s = new signature();
$s->sarcasm()->intellect()->font('Courier New')->display();
IMO your basic domestic router/nat box will provide all the protection your home LAN could ever need from outside threats. As long as you don't set anything as its DMZ host, open any ports, or enable its remote administration.
Software firewalls still have two (maybe three) uses.
1) A better software firewall will provide outbound protection. This may help catch spyware that has managed to get on your PC.
2) Software firewalls (even the build in XP one) can help prevent a virus from spreading once it manages to get inside your network. Either by an infected visiting PC or by removable media.
3) As already mentioned, more layers of security is almost always better. HOWEVER, if your network setup is a straightforward domestic LAN then this extra layer is unlikely to provide any real benefit.
There are not that many (comparatively) viruses that spread by direct network access, and as long as you keep your OS patched you are unlikely to be vulnerable to them anyway. Most of the malware that your PC is going to be exposed to is going to be from web pages that you have requested. A firewall won't do anything to protect you from these, this is what an AV program is for.
I wouldn't bother. Common sense and a decent on-access virus/malware scanner.
For the home user this is fine, your router should take care of most of the low-level attacks.
But at the end of the day, if an accomplished attacker has you in his sight then all of the above in this thread is worthless. But no ones specifically going to target you i dont expect.
Anti virus and common sense is enough to keep you 99.9% of the time clean. But even then there are many crypted/polymorphic viruses/malwares that avoid signature/heuristic detection and are fully undetected..
It always has and always will be a cat and mouse game, sadly you will always be on the backfoot.
Seeing as everyone else is negative, the advantage of zonealarm is you can see when unexpected programs try to access the internet. This can be a good first alarm that something has slipped through the net, however is people just approve all apps all the time, this benefit is lost.
I have to admit I don't use zonealarm any more, as it aways seems to pop up at the wrong time, iconising a game or something that never recovers.
I guess its down to how paranoid you are...
(\__/) All I wanted in the end was world domination and a whole lot of money to spend. - NMA
(='.*=)
(")_(*)
What Zonealarm is really good for is acting as a second safety net, especially for outgoing communications - ie if you have a trojan or something trying to use your computer as part of a botnet, Zonealarm will stop it in a way that most routers and inbuilt firewalls won't.
However it's better to make sure you don't get the infection in the first place, which the inbuilt firewalls, a decent real time anti-virus application, a rigorous update schedule and some common sense will prevent.
edit: oh, kind of what oolon said above
Thanks for the replies guys. Much appreciated.
I guess I don't really need ZoneAlarm.
But even here, what if the trojan or botnet has injected itself into another process, dll or service? Lets say a Windows one. Bypassed. There are also many other methods of bypassing firewalls, and most are very effective.
Some for of HIDS, or IDS system would help prevent this. Checking the integrity of files.
However these are often far too intrusive and i wouldn't recommend them for any home users, bar the most paranoid.
Common Sense is the key, stay clear of malicious websites, don't run files without first thinking. Keep an eye on your system.
Use a sandbox such as sandboxie for files you arent completely sure about, and running a sandboxed browser is also quite a good idea - helps prevent those driveby downloaders
Oh and if files you are unsure about fail to run inside a sandbox or run in a way you didnt expect they most likely contain some form of anti-sandbox routine and should be avoided. For example -
Most anti-sandbox routines will identify if the application is being ran virtually, and break/exit if true. Otherwise continue it's routines. Therefore the malicious elements of the file will not be identified by the sandbox (as it exited before).
Last edited by CrazyMonkey; 30-03-2010 at 01:37 PM.
It's not just about malicious content - I like being able to control legitimate programs as well.
Some software manufacturers like to bundle in automatic updaters that you can't opt out of, and it's quite nice having a decent firewall then which can just bar it from getting online.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote
