Lets say you have a good anti-virus and a good spyware that constantly updates. In addition you have a router. So, what is the need for a firewall? Are they really necessary?

And if you feel they are necessary would not the firewall that comes with Windows XP be sufficient as long as you have the other items I mention?

Thoughts please as well as positional support.

Does your hypothetical router have NAT or SPI in a hardware firewall?

I favor using a free software firewall behind a NAT router to help catch outgoing program data leaks. Windows firewall is better than nothing, depending on whether you feel MS is going to protect you.

MS firewall doesn't block out going..
Major flaw !!!

With all the holes in MS software running on a high speed connection without a firewall is just inviting problems


I have a NAT router and still run software firewall on my systems
Note !!

The firewall shows blocking 104 intrusions

That in itself is well worth the price and system demand

Would you like the long version or the short version?

The short answer is:


YES


The long answer is:


HELL YES

Are firewalls necessary?

No, but neither are optical drives, USB devices, printers, scanners, etc...

They are worth it, if for no other reason the peace of mind they provide comes at such a low price.

MJC:

I rarely disagree with you, but this time I do. In this day and age with port scanning and bot-nets, being behind a software firewall for all users and a NAT router/software firewall for broad band users is a necessary safety feature.

There are just too many jerks out there:

Read this (http://www.washingtonpost.com/wp-dyn/content/article/2006/02/14/AR2006021401342.html), it's enough to make you want to puke.....

I read the article classicsoftware and I puked. I trhink these guys need to be put away for 10 years minimum and companies that hire them for 15 to 20. They are ruining people's lives and stealing with no conscience whatsoever. That is sociopathic in nature.

So other than routers, firewalls, spyware, and antivirus with continual updates, other than not surfing the net at all,what can one do in addition to protect against these "bots"? (Besides the obvious of avoiding porn sites)

There are always extra things you can do to protect yourself.
If you want to do all you can to protect yourself i suggest if you have not done so yet try out Mozilla FireFox and use the no scrypt extension as this GREATLY improves your safety whilst browsing.

I think if you are a savvy user and have a hardware based firewall on your router, have AV and Anti-Spyware and your machine is set up correctly you do not need a software firewall at all. Most businesses do not use software firewalls on any PC. They use a hardware solution. Windows firewall is a stateful firewall, it works on incoming traffic. I have not used a software firewall in years, granted, I am not a typical user. The glaring issue, I think, that is ignored by worrying about a SW FW filtering outgoing traffic is that you are already infected. So it would be possible you would notice outgoing traffic from an infection if the infection did not disable this type of alert. Much assuming going on.

Most of the fella's here deal with the general public who have many troubles with AV and spyware. For these types of folks I would recommend a software firewall every time. If you are security conscious and aware of how your machine runs normally a software firewall only eats CPU and RAM. Even the el cheapo DSL router I have with my ISP has very nice firewall and ACL rule set.

V

THE TEN COMMANDMENTS OF SAFE SURFING


Keep Windows Updated.
Install Anti-Virus Software and keep it updated.
Avoid known bad web sites.
Do not surf the web with administrator privileges.
Use a software firewall. If you have broadband also use a hardware firewall.
NEVER click on a link in an instant messaging program.
Use the Firefox web browser with the NoScript Extension or use Opera.
Turn on preview mode in Outlook or Outlook Express or use Thunderbird.
Use Adaware and Spybot as general spyware scanning tools.
Install SpywareBlaster and keep it updated.

MJC:

I rarely disagree with you, but this time I do. In this day and age with port scanning and bot-nets, being behind a software firewall for all users and a NAT router/software firewall for broad band users is a necessary safety feature.

There are just too many jerks out there:

Read this (http://www.washingtonpost.com/wp-dyn/content/article/2006/02/14/AR2006021401342.html), it's enough to make you want to puke.....

Are all the items I listed not really necessary?

To most people they are quite necessary...especially the optical drives...

Tongue in cheek doesn't come out too well in print.

But, back to what I was trying to get at...

They are as necessary as just about any other component...short of CPU/RAM/Video...'cause without any of those three then anything else just isn't needed at all.

And I agree there are just too many things going on not to run one...and for most people the details of why to run one don't really matter...they'll do it for the peace of mind more than anything else.

I had just worked the overnight shift so I was too tired to notice the nuance.....

Any recommendations for software firewall? I'm using Zone Alarm for firewall and AV, but understand that its bloated. Is there anything more "streamlined" to replace it?
Thanks.

You could always try out sunbelt's Kerio Personal FireWall.I personaly had terrible issues with ZA on my machine and switched to Kerio and all my troubles ended it is easy to use and has many features to protect you aswell as logged reports of any attempts people make to hijack your computer.

There are many other alternatives such as Sygates firewall and a few others that are always mentioned and recommended on this board.

Its all about finding the right firewall to suit yourself and your level of knowledge on computers.

Im sure many suggestions will follow mine and you can pick out the one that suits you best

Keep in mind NAT by itself is NOT safe, NAT/PAT will hide your IP address from the public until you open your browser and make a connection out at that time that port is open and anyone can come directly into your pc on it, you need a stateful firewall which tracks the TCP/UDP sessions and only allows responses back in with the NAT to secure the sessions. hence why the linksys router is less then the linksys router/firewall. proxies are concidered the most secure devices as the PCs never directly make internet requests as well application layer firewalls inspect the packets and can even rip out commands an example is a PIX (hybrid firewall) or ASA firewall.

Laguna - Would you suggest then that the Kiero Personal Firewall would be good for both my P3 build as well as for my S939 build? ZA is eating my memory in my P3. I guess what I am basically asking is, will it do the job without demanding so much memory?

juniper - How does one determine if a) their router has a built in firewall and 2) it has been activated?

Thanks for the help.

Kerio takes up little or no CPU or ram on my end.Im running an AMD 3400+ with 2gb ram and doesnt even put a percentage on my performance in task manager.

I found with ZA that it ate up my CPU and even slowed the computer down to a five minute start up aswell as doing a bad job as a firewall IMO.

In any case even if a software firewall means taking up that little bit extra ram and CPU its still making you a hell of a lot safer and giving you that extra bit of peace of mind.

I recommend Kerio as from experience its a great easy to use in depth firewall and even asks about starting applications not just programs trying to call home.

Its good you should check all your available options and pick one that suits yourself

Laguna, I don't mind using a little bit of CPU or RAM, but its killing my old Pentium 3 even if it is a 1.2 Ghz Tualatian chip. Plus, being a P3 it can't handle more than 512 megs of RAM so I am sure ZA is taxing it. This is why I am looking for a good, relaible firewall that won't take up that much memory or CPU. This P3 is still very serviciable and I want to have it last.

My new build is an AMD 3200+ with 2 gb ram.

Question: Does the free version of Kiero get updated regularly?

Kerio has a small footprint and it works very well on older systems, even 98s without hogging everything.

Kerio only runs on win 2000 and up. I tried it on a ME machine I have, no go. :(

Here is the spec page. http://www.sunbelt-software.com/Kerio-Specs.cfm

Quote from the link
Kerio Personal Firewall 4 DOES NOT run on Windows 95, 98, Me, NT, 2000 Server and 2003 Server and 64 bit Versions of Windows.

Actually, you can find the old pre-Sunbuilt freeware version of Kerio (the REALKerio) still floating around and it will play very nicely on just about everything (I think 2.15 will even work on 95...but don't hold me too that, 'cause I haven't actually tried it)

Try earlier versions of Kerio or Tiny Personal Firewall for those older, marginal PCs. Those versions have a small footprint but do the job.
Even better, take an old, slow PC and install Linux and then Monowall or Smoothwall firewall programs. Very good protection and super cheap as well.

mjc,
Yes version 2.15 still is around and works.

Laguna, I don't mind using a little bit of CPU or RAM, but its killing my old Pentium 3 even if it is a 1.2 Ghz Tualatian chip. Plus, being a P3 it can't handle more than 512 megs of RAM so I am sure ZA is taxing it. This is why I am looking for a good, relaible firewall that won't take up that much memory or CPU. This P3 is still very serviciable and I want to have it last.

My new build is an AMD 3200+ with 2 gb ram.

Question: Does the free version of Kiero get updated regularly?

I have Kerio Pro running on both my machine and my older machine that i gave to my family and that machine's specs were pretty low.It has a P3 860mhz and 256mb ram and runs fine with Kerio so i would give you the go ahead to try it out as in comparison to ZA it will work like a dream.

And on the note of updating.Kerio has a search for updates option in the preferences section but Firewalls rarely change so there isnt too many updates.

Actually, you can find the old pre-Sunbuilt freeware version of Kerio (the REALKerio) still floating around and it will play very nicely on just about everything (I think 2.15 will even work on 95...but don't hold me too that, 'cause I haven't actually tried it)
Oh that is very good to know. I still have 2.15 in my archives too. :) Actually all my XP machines are running pre-Sunbelt versions (4.22.911). I have never even downloaded the Sunbelt version yet. I also have the last free version of Sygate around somewhere.

I have three test/troubleshooting machines with 95,98, and ME on them. I will let you know if it works on 95.

I will not touch ZA anymore since I had a very bad experience with ZA that caused me to wipe two machines before I had my backup plan perfected. :( :mad: I had a very long thread about it about a couple of years ago and the problem ended up being ZA.

I use the old free Sygate and I think it's great.....

They have a free Sygate 5.6 version that can be downloaded. Anyone know if this is fine or does it have Symantec's bloated hands all over its coding?

They have a free Sygate 5.6 version that can be downloaded. Anyone know if this is fine or does it have Symantec's bloated hands all over its coding?


Who is they?????

"They" (sorry) are several downloadable sites on the net one of which is:

http://www.majorgeeks.com/Sygate_Personal_Firewall_Free_d3356.html

Symantec's website says that for now they will support Sygate. I was just wondering if this is a good firewall pre-Symantec for today's internet scene.

juniper - How does one determine if a) their router has a built in firewall and 2) it has been activated?

It will say it has a built in firewall usualy reading the package will show what type (stateful, stateless, etc). Normaly the stateful inspection firewall will be enabled by default but you need to read the documentation that comes with the router. I personaly do not use software firewalls unless on a bastion host, being certified firewall specialist I do not intend on letting someone get far enough in to my network to directly hit my PC's in the first place I run a PIX 506 and SNORT on my home net.