LinkBack URL
About LinkBacksi hear often that i dont need a software firewall if i have the one in the router (linksys)
and to be honest id like to get rid of it !
i hear often that i dont need a software firewall if i have the one in the router (linksys)
and to be honest id like to get rid of it !
Correct me If Im wrong but a hardware router is not the same as hardware firewall. Being behind a router it is a lot more difficult to see your real ip. Your router helps by making it harder to establish a direct connection to your personal pc if you're on a LAN.
I would keep your software firewall as it gives you added protection and control over apps establishing incoming/outgoing connections.
yep, you wanna stop the stuff going OUT more than the stuff coming in
the router won't help in that respect - ya need the software
i know hardware routers and firewalls are different things but you also get routers with a firewall built in since they control everything that is inbound or outbound on a network
most router / firewalls are not application aware - they dont know if its IEXPLORE.EXE or SOMENASTYTROJAN.EXE that wants access to port 80 , they just know to let port 80 outbound.
Think of a layered approach to security and keep that firewall on
my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net
bugger i dont like em
why not - you dont really need much more than the builtin XP firewall. I can understnad not wanitng ot use some of the 3rd partys ones...their erro messages are irritatingly alarmist.
my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net
or if you belive that if nothing dogy gets onto your pc then nothing dodgy will be sent out, then you dont need one
that basicly means you need to be behind a hardware firewall/router if connected to net, and only run trusted programs.
has worked for me for 10+ years and while not perfect i consider it safer than any system with just a software firewall.
it also means dont let anyone else use your machine , dont visit any website with unknown content or redirects. Actually you'd better not let any machines inside your network at all. Dont let anyone connect a storage device to your machine. Dont connect it to any unknown networks.Originally Posted by |SilentDeath|
or if you belive that if nothing dogy gets onto your pc then nothing dodgy will be sent out, then you dont need one
Given that the XP firewall is free and actually works I can't see any sensible reason not to use it.
Defence in depth is the only sensible security approach and if an extra layer does not affect day to day running , then I can't see a valid reason not to use it.
my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net
Complete and utter bobbins.
A hardware (or perimeter) firewall built into a broadband router is going to do absolutely nothing to outbound traffic, and even if it did it has no possibility to be "application aware" (as Moby points out).
The only way to have application-level protection is to have a process running on the machine itself which get identify processes attempting to make outbound connections from your machine.
A perimeter firewall (even those with stateful packet inspection and rudimentary intrusion detection) typically looks only at ports and/or protocols for determining what is and is not allowed through.
My list of security measures for layered security on Windows, in no particular order:
- perimeter (or "hardware") firewall
- application-aware (or "personal"/"software") firewall
- AV, automatically updating (I use Avast as it is very vocal when it updates and it is clear if the service is disabled)
- enable Automatic Updates
- log on as a limited user, not an admin
- periodically use AutoRuns from Sysinternals.com to check what is running on machine startup and/or user logon, editing as necessary
- if using a 32-bit version, periodically run Rootkit Revealer from SysInternals.com
- never use any "remember this password" features for sensitive or financial services
~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3
Clearly your more lucky than most. A lot of my applications functionality breaks switching to 'limited user'. And as for automatic updates, one time I had to spend 5mins in System Restore thanks to whatever it updated!
And you forgot one thing - enable no execute protection on all applications and not just vital services. This again will break old apps but there is an exclusion list if need be.
The "run as" functionality is v usefull here
I like to download updates and install them when I'm readyu ( just in case)
my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net
Perhaps I am lucky, the only bugbear I have is with IrfanView not remembering file associations for non-admin users.
For only specific tasks or programs do I need to use "Run as" and give admin credentials - trying to compile BHOs or driver in Visual Studio would be interesting without those permissions for example.
But day-to-day stuff I have no problems with being logged in as a regular user.
Whatever updates are installed by Automatic Updates or manual Windows Updates are listed in the System event log under "NtServicePack" events, and the KBs listed can be checked on http://support.microsoft.com so you can see the specific files that were replaced.
Not necessarily old apps - Skype and Oblivion are on my list of exceptions as they crash with DEP enabled.
But you are right, I did miss it off the list - to be honest as a standard security practice it might cause more problems than it potentially solves - it is not the first thing you think of when an application crashes shortly after (or on) launching, if you enabled this feature a long time ago or under advice from someone else without knowing what it means.
Last edited by Paul Adams; 26-03-2006 at 10:48 AM.
~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3
interesting, i disabled all firewall since getting my router/firewall.
I'll enable the XP firewall again
you could add Kerio Personal Firewall which is free and a really good firewall read about it here and for the download
http://www.sunbelt-software.com/Kerio.cfm
Herb
i just want one that will pop up like most do and stop any processes that try to send or receive anything without my permission then remember it and the firewall will not alert me to it again unless the exe changes ir is changed by something malicious!
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote